Hooloovoo deephooloovoo
deephooloovoo
/ cvedesc.txt
Last active
October 24, 2019 15:15
Description of CVE-2019-13103 through CVE-2019-13106
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Found by Paul Emge and Zion Basque at ForAllSecure | |
| CVE-2019-13103: | |
| There is a stack overflow when reading a DOS partition table which refers to itself. This causes part_get_info_extended to call itself repeatedly with the same arguments, causing unbounded stack growth. In the sandbox configuration, this results in a segfault. On QEMU's vexpress-a15 board, the CPU returns to 0 but continues executing NOPs until it hits data and executes it. By analyzing the code, it appears as if it affects all versions of u-boot in the archives. | |
| CVE-2019-13104: | |
| At ext4fs.c:74 it is possible for len to underflow while listing files in a crafted filesystem. If this happens, eventually there is a memcpy with a negative (so effectively infinite) length. This causes all of memory to be overwritten until, on the sandbox, it segfaults. On a real platform, I'm not sure what would happen, but there's definitely memory corruption. This affects versions 2016.11-rc1 through 2019.07-rc4. | |
| CVE-2019-13105: | |
| If there is an invalid/out-of bo |