I hereby claim:
- I am mahaloz on github.
- I am mahaloz (https://keybase.io/mahaloz) on keybase.
- I have a public key ASBpTQNGyDNgEiPMrg8EioC8SfToIKQg9PXrGmtZYt_fcgo
To claim this, I am signing this object:
Zion Leonahenahe Basque mahaloz
mahaloz
/ keybase.md
Created
January 17, 2020 22:54
mahaloz
/ cvedesc.txt
Last active
October 22, 2019 18:31
— forked from deephooloovoo/cvedesc.txt
Description of CVE-2019-13103 through CVE-2019-13106
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Found by Paul Emge and Zion Basque at ForAllSecure | |
| CVE-2019-13103: | |
| There is a stack overflow when reading a DOS partition table which refers to itself. This causes part_get_info_extended to call itself repeatedly with the same arguments, causing unbounded stack growth. In the sandbox configuration, this results in a segfault. On QEMU's vexpress-a15 board, the CPU returns to 0 but continues executing NOPs until it hits data and executes it. By analyzing the code, it appears as if it affects all versions of u-boot in the archives. | |
| CVE-2019-13104: | |
| At ext4fs.c:74 it is possible for len to underflow while listing files in a crafted filesystem. If this happens, eventually there is a memcpy with a negative (so effectively infinite) length. This causes all of memory to be overwritten until, on the sandbox, it segfaults. On a real platform, I'm not sure what would happen, but there's definitely memory corruption. This affects versions 2016.11-rc1 through 2019.07-rc4. | |
| CVE-2019-13105: | |
| If there is an invalid/out-of bo |