Source: pspp
Version: 1.2.0-2
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for pspp.

CVE-2018-20230[0]:
| An issue was discovered in PSPP 1.2.0. There is a heap-based buffer
| overflow at the function read_bytes_internal in
| utilities/pspp-dump-sav.c, which allows attackers to cause a denial of
| service (application crash) or possibly have unspecified other impact.

> ==6100==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x602000000471 at pc 0x7fa0eba71110 bp 0x7ffcb1f6d0f0 sp 0x7ffcb1f6c8a0
> WRITE of size 199 at 0x602000000471 thread T0
>     #0 0x7fa0eba7110f  (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x9810f)
>     #1 0x40d1a9 in read_bytes_internal utilities/pspp-dump-sav.c:1585
>     #2 0x40d2c9 in read_bytes utilities/pspp-dump-sav.c:1601
>     #3 0x40c0e6 in open_text_record utilities/pspp-dump-sav.c:1399
>     #4 0x40a13c in read_long_var_name_map utilities/pspp-dump-sav.c:912
>     #5 0x40943a in read_extension_record utilities/pspp-dump-sav.c:626
>     #6 0x407340 in main utilities/pspp-dump-sav.c:218
>     #7 0x7fa0eb20d09a in __libc_start_main ../csu/libc-start.c:308
>     #8 0x4024d9 in _start (/tmp/pspp-1.2.0/utilities/pspp-dump-sav+0x4024d9)
>
> 0x602000000471 is located 0 bytes to the right of 1-byte region
> [0x602000000470,0x602000000471)
> allocated by thread T0 here:
>     #0 0x7fa0ebac1ed0 in __interceptor_malloc
> (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8ed0)
>     #1 0x40f138 in xmalloc gl/xmalloc.c:41
>     #2 0x40c0cb in open_text_record utilities/pspp-dump-sav.c:1398
>     #3 0x40a13c in read_long_var_name_map utilities/pspp-dump-sav.c:912
>     #4 0x40943a in read_extension_record utilities/pspp-dump-sav.c:626
>     #5 0x407340 in main utilities/pspp-dump-sav.c:218
>     #6 0x7fa0eb20d09a in __libc_start_main ../csu/libc-start.c:308
>
> SUMMARY: AddressSanitizer: heap-buffer-overflow
> (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x9810f)
> Shadow bytes around the buggy address:
>   0x0c047fff8030: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
>   0x0c047fff8040: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
>   0x0c047fff8050: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
>   0x0c047fff8060: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
>   0x0c047fff8070: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
> =>0x0c047fff8080: fa fa fd fa fa fa fd fa fa fa fd fa fa fa[01]fa
>   0x0c047fff8090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c047fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c047fff80b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c047fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c047fff80d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> Shadow byte legend (one shadow byte represents 8 application bytes):
>   Addressable:           00
>   Partially addressable: 01 02 03 04 05 06 07
>   Heap left redzone:       fa
>   Freed heap region:       fd
>   Stack left redzone:      f1
>   Stack mid redzone:       f2
>   Stack right redzone:     f3
>   Stack after return:      f5
>   Stack use after scope:   f8
>   Global redzone:          f9
>   Global init order:       f6
>   Poisoned by user:        f7
>   Container overflow:      fc
>   Array cookie:            ac
>   Intra object redzone:    bb
>   ASan internal:           fe
>   Left alloca redzone:     ca
>   Right alloca redzone:    cb
> ==6100==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20230
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20230
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1660318

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
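The sanitizer report above shows the shape of this bug class: open_text_record allocated a 1-byte region and read_bytes_internal then wrote 199 bytes into it, so the allocation size and the read length were derived from different values. The following is an added example (not pspp's code, and not the fix that went upstream) of a bounded reader over a hypothetical record format: a 32-bit little-endian length followed by that many bytes. The struct, function names and the record layout are assumptions for illustration; the point is that the read primitive carries the destination size, and the same validated length drives both the allocation and the read.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical in-memory input; stands in for the file a dumper would read. */
struct reader {
    const uint8_t *data;
    size_t len;   /* total bytes available */
    size_t pos;   /* next unread byte; invariant: pos <= len */
};

/* Bounded read: copy exactly n bytes into dst, which holds dst_size bytes.
 * Refuses both an oversized request (would overflow dst) and a short input
 * (would read past the end of the data). Returns false on refusal and
 * leaves dst and the reader position untouched. */
static bool read_bytes_bounded(struct reader *r, void *dst, size_t dst_size, size_t n)
{
    if (n > dst_size)
        return false;               /* the 1-byte buffer / 199-byte write case */
    if (n > r->len - r->pos)
        return false;               /* truncated input */
    memcpy(dst, r->data + r->pos, n);
    r->pos += n;
    return true;
}

/* Hypothetical text record: 32-bit little-endian length, then that many bytes.
 * The same validated length drives both the allocation and the read, so the
 * two cannot disagree. Returns a NUL-terminated copy or NULL on any error. */
static char *read_text_record(struct reader *r, size_t *out_len)
{
    uint8_t hdr[4];
    if (!read_bytes_bounded(r, hdr, sizeof hdr, sizeof hdr))
        return NULL;
    uint32_t n = (uint32_t)hdr[0] | (uint32_t)hdr[1] << 8
               | (uint32_t)hdr[2] << 16 | (uint32_t)hdr[3] << 24;

    /* Check the declared length against the remaining input before trusting
     * it for an allocation: a huge or inconsistent length is rejected here. */
    if (n > r->len - r->pos)
        return NULL;

    char *buf = malloc((size_t)n + 1);   /* +1 for the terminator */
    if (buf == NULL)
        return NULL;
    if (!read_bytes_bounded(r, buf, (size_t)n + 1, n)) {
        free(buf);
        return NULL;
    }
    buf[n] = '\0';
    *out_len = n;
    return buf;
}

/* Returns true when a 199-byte read into a 1-byte destination is refused,
 * i.e. the shape of the write the sanitizer reported. */
static bool oversize_read_is_refused(void)
{
    static const uint8_t filler[199] = { 0 };   /* constructed input */
    struct reader r = { filler, sizeof filler, 0 };
    char one_byte[1];
    return !read_bytes_bounded(&r, one_byte, sizeof one_byte, 199);
}

/* Parses a constructed, well-formed record; returns true when the payload
 * "hello" comes back intact and the reader has consumed all 9 bytes. */
static bool well_formed_record_parses(void)
{
    static const uint8_t rec[] = { 5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o' };
    struct reader r = { rec, sizeof rec, 0 };
    size_t n = 0;
    char *s = read_text_record(&r, &n);
    bool ok = s != NULL && n == 5 && strcmp(s, "hello") == 0 && r.pos == sizeof rec;
    free(s);
    return ok;
}

/* A record whose header claims more bytes than follow is rejected before
 * any allocation happens; returns true when read_text_record returns NULL. */
static bool truncated_record_is_rejected(void)
{
    static const uint8_t rec[] = { 199, 0, 0, 0, 'x' };   /* claims 199, has 1 */
    struct reader r = { rec, sizeof rec, 0 };
    size_t n = 0;
    char *s = read_text_record(&r, &n);
    free(s);
    return s == NULL;
}

int main(void)
{
    printf("oversize read refused:      %d\n", oversize_read_is_refused());
    printf("well-formed record parses:  %d\n", well_formed_record_parses());
    printf("truncated record rejected:  %d\n", truncated_record_is_rejected());
    return 0;
}
```

Running the same parser under AddressSanitizer (-fsanitize=address) with a fuzzed or hand-built input is the quickest way to confirm that a fix for this report holds: a correct bounded reader returns an error on the 199-byte case instead of producing the heap-buffer-overflow report quoted above.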