Rss Bot

Secunia: Open-source Libraries Denial of Service Vulnerabilities Series

By Jakub Jirsek, Secunia Research at Flexera

Introduction

In my recent research, I investigated six open-source libraries for previously undiscovered vulnerabilities. I was surprised how I could uncover vulnerabilities in most of them. The vulnerabilities result in a DoS (Denial of Service) as worst impact and are rated “Moderately Critical”. This write-up provides a closer look at each of the vulnerabilities.

libarchive "lha_read_file_header_1()" Out-Of-Bounds Memory Access Denial of Service Vulnerability [CVE-2017-5601]

Summary

The vulnerability is caused due to an error in the "lha_read_file_header_1()" function (archive_read_support_format_lha.c), which can be exploited by malicious people to trigger an out-of-bounds read memory access via a specially crafted archive file. The vulnerability is confirmed in version 3.2.2 and has been fixed in version 3.3.1 [1].

Technical Details

The root cause of the problem resides in the way LHA external sections of the input files are processed by the library. With a specially crafted archive...

View the full article
