group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1882180] Re: DoS vulnerability: fail to allocate

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1882180@xxxxxxxxxxxxxxxxxx>
Date: Tue, 04 Aug 2020 17:18:23 -0000
Reply-to: Bug 1882180 <1882180@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package whoopsie - 0.2.62ubuntu0.5

---------------
whoopsie (0.2.62ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Fri, 24 Jul 2020
08:55:26 -0400

** Changed in: whoopsie (Ubuntu Bionic)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1882180

Title:
  DoS vulnerability: fail to allocate

Status in whoopsie package in Ubuntu:
  Confirmed
Status in whoopsie source package in Xenial:
  Fix Released
Status in whoopsie source package in Bionic:
  Fix Released
Status in whoopsie source package in Eoan:
  Confirmed
Status in whoopsie source package in Focal:
  Fix Released
Status in whoopsie source package in Groovy:
  Confirmed

Bug description:
  Hi,

  I have found a security issue on whoopsie 0.2.69 and earlier.

  # Vulnerability description
  In whoopsie 0.2.69 and earlier, there is a denial of service vulnerability in the parse_report function.
  A crafted input, i.e., crash report located in '/var/crash/', will lead to a denial of service attack.
  During the parsing of the crash report, the data length is not checked.         
  The value of data length can be directly controlled by an input file.           
  In the parse_report() function, the g_malloc or g_realloc is called based on data length.
  If we set the value of data length close to the amount of system memory, it will cause the daemon process to terminate unexpectedly, hang the system, or trigger the OOM killer.

  # PoC
  Please check the below whoopsie_killer2.py

  Sincerely,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1882180/+subscriptions