Bug 963970 (CVE-2016-2090) - VUL-1: CVE-2016-2090: libbsd: heap buffer overflow in fgetwln function
Summary: VUL-1: CVE-2016-2090: libbsd: heap buffer overflow in fgetwln function
Status: RESOLVED FIXED
Alias: CVE-2016-2090
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 42.1
: P4 - Low : Minor
Target Milestone: ---
Assignee: Cristian Rodríguez
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/161384/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-28 12:15 UTC by Johannes Segitz
Modified: 2017-08-15 11:55 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-01-28 12:15:28 UTC 
rh#1302622

libbsd 0.8.1 and earlier contains a buffer overflow in the function
fgetwln(). An if checks if it is necessary to reallocate memory in the
target buffer. However this check is off by one, therefore an out of
bounds write happens.

Original bug report

https://bugs.freedesktop.org/show_bug.cgi?id=93881

Upstream fix:

http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7

External reference:

https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1302622
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2090
http://seclists.org/oss-sec/2016/q1/234
Comment 1 Johannes Segitz 2016-01-28 12:15:43 UTC 
Factory only
Comment 2 Swamp Workflow Management 2016-01-28 23:03:11 UTC 
bugbot adjusting priority
Comment 3 Johannes Segitz 2017-08-15 11:55:49 UTC 
fixed