FS#67873 - [security][opendmarc] CVE-2020-12460
Attached to Project:
Community Packages
Opened by loqs (loqs) - Saturday, 12 September 2020, 00:17 GMT
Last edited by freswa (frederik) - Sunday, 11 October 2020, 16:41 GMT
Details
Description:
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.

This is not fixed in opendmarc 1.3.3-1 as stated by [6]. The 1.3.3 upstream tag rel-opendmarc-1-3-3 [1] only removed non-free IETF draft DMARC documentation [2]. It does not address CVE-2020-12460 [3], which was fixed in [4], nor was it backported locally [5]. You can crosscheck that opendmarc/opendmarc_xml.c line 575 is still bufp = calloc(statb.st_size, 1); and not bufp = calloc(statb.st_size + 1, 1);

Additional info:
* opendmarc 1.3.3-1

[1] https://github.com/trusteddomainproject/OpenDMARC/releases/tag/rel-opendmarc-1-3-3
[2] https://github.com/trusteddomainproject/OpenDMARC/commits/b0d6408d0859adb336428e3d0bd87749513a9e79
[3] https://github.com/trusteddomainproject/OpenDMARC/issues/64
[4] https://github.com/trusteddomainproject/OpenDMARC/commit/50d28af25d8735504b6103537228ce7f76ad765f
[5] https://github.com/archlinux/svntogit-community/blob/b59051a13600713b4da2d0a4d4c9d5e64b902491/repos/community-x86_64/PKGBUILD
[6] https://security.archlinux.org/AVG-1208
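The allocation defect the report points at, as an added illustration that is not OpenDMARC's code: a hypothetical loader copies a report of statb.st_size bytes into a heap buffer and then NUL-terminates it, so calloc(size, 1) leaves the terminator one byte past the allocation while calloc(size + 1, 1) leaves room for it. The unfixed path here refuses to write the terminator instead of corrupting the heap; read_report_buffer, apply_fix and the sample report fragment are assumptions for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical loader mirroring the pattern in the report (not OpenDMARC's code).
 * `size` stands in for statb.st_size. With apply_fix == false the buffer is
 * calloc(size, 1), so the NUL terminator at bufp[size] would be the one-byte
 * heap overflow; the function refuses and returns NULL instead of writing it.
 * With apply_fix == true the buffer is calloc(size + 1, 1), the corrected form.
 * *alloc_out receives the allocation size that was requested.
 */
static char *read_report_buffer(const char *src, size_t size, bool apply_fix, size_t *alloc_out)
{
    size_t alloc = apply_fix ? size + 1 : size;
    if (alloc_out != NULL)
        *alloc_out = alloc;

    char *bufp = calloc(alloc, 1);
    if (bufp == NULL)
        return NULL;

    memcpy(bufp, src, size);   /* the report body itself fits in either allocation */

    /* The terminator lives at index `size`; that is in bounds only if alloc > size. */
    if (size >= alloc) {
        free(bufp);            /* writing bufp[size] here would overflow the chunk by one byte */
        return NULL;
    }
    bufp[size] = '\0';         /* calloc already zeroed it; the explicit write is what overflowed */
    return bufp;
}

int main(void)
{
    /* Constructed sample: a minimal aggregate-report fragment, not a real report. */
    const char sample[] = "<feedback><version>1.0</version></feedback>";
    size_t size = sizeof(sample) - 1;
    size_t alloc;

    char *vuln = read_report_buffer(sample, size, false, &alloc);
    printf("calloc(%zu, 1): %s\n", alloc, vuln ? "ok" : "terminator out of bounds, refused");
    char *fixed = read_report_buffer(sample, size, true, &alloc);
    printf("calloc(%zu, 1): %s (strlen %zu)\n", alloc, fixed ? "ok" : "failed",
           fixed ? strlen(fixed) : (size_t)0);
    free(vuln);
    free(fixed);
    return 0;
}
```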
Closed by freswa (frederik)
Sunday, 11 October 2020, 16:41 GMT
Reason for closing: Fixed
Additional comments about closing: 1.3.3-2