The Eoan Ermine has reached end of life, so this bug will not be fixed
for that release
** Changed in: whoopsie (Ubuntu Eoan)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1882180
Title:
DoS vulnerability: fail to allocate
Status in whoopsie package in Ubuntu:
Fix Released
Status in whoopsie source package in Xenial:
Fix Released
Status in whoopsie source package in Bionic:
Fix Released
Status in whoopsie source package in Eoan:
Won't Fix
Status in whoopsie source package in Focal:
Fix Released
Status in whoopsie source package in Groovy:
Fix Released
Bug description:
Hi,
I have found a security issue on whoopsie 0.2.69 and earlier.
# Vulnerability description
In whoopsie 0.2.69 and earlier, there is a denial of service vulnerability in
the parse_report function.
A crafted input, i.e., crash report located in '/var/crash/', will lead to a
denial of service attack.
During the parsing of the crash report, the data length is not checked.
The value of data length can be directly controlled by an input file.
In the parse_report() function, the g_malloc or g_realloc is called based on
data length.
If we set the value of data length close to the amount of system memory, it
will cause the daemon process to terminate unexpectedly, hang the system, or
trigger the OOM killer.
# PoC
Please check the below whoopsie_killer2.py
Sincerely,
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1882180/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
