FS#68685 - [musl][security] 1.2.1-1: CVE-2020-28928: wcsnrtombs destination buffer overflow
Attached to Project:
Community Packages
Opened by Pascal Ernster (hardfalcon) - Friday, 20 November 2020, 11:58 GMT
Last edited by Eli Schwartz (eschwartz) - Friday, 20 November 2020, 20:29 GMT
Opened by Pascal Ernster (hardfalcon) - Friday, 20 November 2020, 11:58 GMT
Last edited by Eli Schwartz (eschwartz) - Friday, 20 November 2020, 20:29 GMT
|
Details
Quote from
https://www.openwall.com/lists/oss-security/2020/11/20/4:
> The wcsnrtombs function in all musl libc versions up through 1.2.1 has > been found to have multiple bugs in handling of destination buffer > size when limiting the input character count, which can lead to > infinite loop with no forward progress (no overflow) or writing past > the end of the destination buffera. > > This function is not used internally in musl and is not widely used, > but does appear in some applications. The non-input-limiting form > wcsrtombs is not affected. > > All users of musl 1.2.1 and prior versions should apply the attached > patch, which replaces the overly complex and erroneous implementation. > The upcoming 1.2.2 release will adopt this new implementation. 
wcsnrtombs-cve-2020-28928.diff
(1.3 KiB)
|
This task depends upon
Closed by Eli Schwartz (eschwartz)
Friday, 20 November 2020, 20:29 GMT
Reason for closing: Fixed
Additional comments about closing: musl 1.2.1-2
Friday, 20 November 2020, 20:29 GMT
Reason for closing: Fixed
Additional comments about closing: musl 1.2.1-2
However, busybox does not need to be rebuilt -- it does not use the wcsnrtombs function directly, and per the announcement "This function is not used internally in musl".