clone 1021738 -1
retitle 1021738 man2html: CVE-2021-40647
tags 1021738 +pending
retitle -1 man2html: CVE-2021-40648
tags -1 +moreinfo
thanks
Moritz Mühlenhoff writes:
Hi
First of all, I'm sorry for not taking care of it earlier; I didn't
have time for Debian work in the previous year.
> The following vulnerabilities were published for man2html.
> CVE-2021-40647[0]:
Ok, this is quite easy to fix, I will upload a fixed version soon.
> CVE-2021-40648[1]:
> | In man2html 1.6g, a filename can be created to overwrite the previous
> | size parameter of the next chunk and the fd, bk, fd_nextsize,
According to the instructions given at
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 I tried
to reproduce this with the following commands:
file=$(perl -e 'print "A" x 132')   # 132-character filename, as in the gist
touch "$file"                        # create the empty input file
man2html "$file"                     # run man2html (ASan-instrumented build) on it
I used man2html built with AddressSanitizer and it found only a few
small memory leaks coming from global variables.
So I have no idea what really is wrong in this CVE. The source code
references given at the above link actually refer to calls to the
fopen()/fclose() functions rather than directly to malloc() and free().
Regards,
robert