Your message dated Fri, 3 Sep 2021 07:43:52 -0500 with message-id <24882.6280.460757.229...@rob.eddelbuettel.com> has caused the report #993584, regarding r-cran-lpsolve: Potential Integer Overflow vulnerability in src/mmio.c to be marked as having been forwarded to the upstream software author(s) "Gábor Csárdi" <csardi.ga...@gmail.com>
(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
993584: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993584
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Hi Gábor,

I got the following bug report against the Debian instance of lpSolve which you maintain. This clearly comes from an automated scanning system so may have false positives.

A (very quick) look for mmio upstream suggests that it has not changed. So maybe worth putting a local change in.

Let me know if you have other thoughts / if you become aware of a more general solution.

Best, Dirk

On 3 September 2021 at 21:12, Potential Buffer Overflow vulnerability in xfig-3.2.7b wrote:
| Package: r-cran-lpsolve
| Version: 5.6.15
| Severity: normal
|
| Dear Maintainer,
|
| It seems that there exists a potential Integer Overflow in src/mmio.c.
| in line 53,
| (53) if (mm_read_mtx_crd_size(f, &M, &N, &nz) !=0)
| ...
| (65) I = (int *) malloc(nz * sizeof(int));
| (66) J = (int *) malloc(nz * sizeof(int));
|
| in function mm_read_mtx_crd_size(FILE *f, int *M, int *N, int *nz ),
| in line 207,
| (207) if (sscanf(line, "%d %d %d", M, N, nz) >= 2)
|
| As a result, in line 65, variable nz is read from external source.
| If nz is large enough, multiplication may cause allocation to wrong value.
|
|
| -- System Information:
| Debian Release: 11.0
| APT prefers oldstable-updates
| APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
| Architecture: amd64 (x86_64)
|
| Kernel: Linux 4.4.0-19041-Microsoft
| Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
| Shell: /bin/sh linked to /bin/dash
| Init: unable to detect

--
https://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org
--- End Message ---
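
The pattern flagged in the report (a count parsed from the file and multiplied by sizeof(int) inside malloc) can be guarded as in the following added example, which is not part of the messages above and is not lpSolve's or mmio's own code. The function names parse_crd_size and alloc_entries are hypothetical, the parser assumes all three fields are required, and the input lines are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse one non-negative decimal field that fits in int; advance *p past it. */
static int parse_field(const char **p, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(*p, &end, 10);
    if (end == *p || errno == ERANGE || v < 0 || v > INT_MAX)
        return -1;
    *out = (int)v;
    *p = end;
    return 0;
}

/* Hypothetical stand-in for the size-line parse: requires all of "M N nz". */
int parse_crd_size(const char *line, int *M, int *N, int *nz)
{
    const char *p = line;
    if (parse_field(&p, M) || parse_field(&p, N) || parse_field(&p, nz))
        return -1;
    return 0;
}

/* Hypothetical helper: refuse counts whose byte size would wrap size_t. */
void *alloc_entries(int count, size_t elem_size)
{
    if (count <= 0 || elem_size == 0)
        return NULL;
    if ((size_t)count > SIZE_MAX / elem_size)
        return NULL;
    return malloc((size_t)count * elem_size);
}

int main(void)
{
    /* Constructed size lines, not taken from a real Matrix Market file. */
    const char *lines[] = { "3 3 4", "3 3 -5", "3 3 99999999999", "3 3" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int M = 0, N = 0, nz = 0;
        int rc = parse_crd_size(lines[i], &M, &N, &nz);
        int *I = rc == 0 ? alloc_entries(nz, sizeof(int)) : NULL;
        printf("%-18s -> %s\n", lines[i], I ? "allocated" : "rejected");
        free(I);
    }
    return 0;
}
```

Passing the overflow check does not guarantee the allocation succeeds, so callers still need to test the returned pointer for NULL before reading entries into it.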