| Summary: | Bzip2 decompression crashes | | |
|---|---|---|---|
| Product: | Busybox | Reporter: | Ariel Zelivansky <ariel> |
| Component: | Other | Assignee: | unassigned |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | busybox-cvs |
| Priority: | P5 | | |
| Version: | 1.27.x | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Host: | | Target: | |
| Build: | | | |
| Attachments: | Crash 1, Crash 2, afl readme | | |

Created attachment 7291
Crash 1

Hi,

While fuzzing busybox I found a vulnerability in the bzip2 decompression code (archival/libarchive/decompress_bunzip2.c line 513). This is likely a write access violation; I did not try to exploit this, so I don't know how bad it is. Leads to a crash at least.

Attached are two crash files and the fuzzer info. I tested these on the current git master and with versions 1.17.2 and 1.16.0.

Please let me know if this is the right place to report possibly security-related issues.

Created attachment 7296
Crash 2

Created attachment 7301
afl readme

Fixed in git, thanks!