[Git][security-tracker-team/security-tracker][master] Add two oss-fuzz related issues for libbpf
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 1 08:55:54 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4c981596 by Salvatore Bonaccorso at 2022-01-01T09:54:03+01:00
Add two oss-fuzz related issues for libbpf
As with the already looked reports, not really helpful information as
e.g. introducing commits are mostly related to when oss-fuzzing started.
So note to reviewers, take all with a grain of salt in both introducing
and fixing information and make sure the tracking we do is correct.
Better stay safe on wrong side for now and keep it unfixed in case of
doubt.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -70,9 +70,15 @@ CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCI
CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...)
TODO: check
CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...)
- TODO: check
+ - libbpf <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml
+ TODO: check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...)
- TODO: check
+ - libbpf <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1562.yaml
+ TODO: check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
TODO: check
CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
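Review bot: both added TODO lines (under CVE-2021-45941 and CVE-2021-45940) misspell "introducing" as "intorducing"; correct it so that a search of data/CVE/list for "introducing commit" finds these entries when the oss-fuzz reports are revisited. Both entries stay at `- libbpf <unfixed>` with only the oss-fuzz issue and OSV links as NOTE lines, so once the upstream fixing commit has been verified, add it as its own NOTE and drop the TODO in the same change that updates the status.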
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c981596f6f0e388865c6c14063b4a8538ef6601