I hereby claim:
- I am mahaloz on github.
- I am mahaloz (https://keybase.io/mahaloz) on keybase.
- I have a public key ASBpTQNGyDNgEiPMrg8EioC8SfToIKQg9PXrGmtZYt_fcgo
To claim this, I am signing this object:
Found by Paul Emge and Zion Basque at ForAllSecure
CVE-2019-13103:
There is a stack overflow when reading a DOS partition table which refers to itself. This causes part_get_info_extended to call itself repeatedly with the same arguments, causing unbounded stack growth. In the sandbox configuration, this results in a segfault. On QEMU's vexpress-a15 board, the CPU returns to 0 but continues executing NOPs until it hits data and executes it. By analyzing the code, it appears as if it affects all versions of u-boot in the archives.
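The self-referencing table described for CVE-2019-13103, handled defensively; this is an added example, not U-Boot's code or its upstream fix. It assumes the disk is an in-memory image, and the names walk_partitions and MAX_EXT_DEPTH, the result codes, and the rule that every extended-table link must point strictly forward are choices made for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define SECTOR_SIZE   512
#define PT_OFFSET     0x1BE /* four 16-byte entries start here */
#define MAX_EXT_DEPTH 64    /* assumed cap on chained extended tables */
enum { WALK_OK = 0, WALK_BAD_SIG = -1, WALK_RANGE = -2, WALK_LOOP = -3, WALK_DEEP = -4 };

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Count data partitions, following extended-table links in a loop, not by recursion. */
int walk_partitions(const uint8_t *disk, uint32_t nsectors, int *count)
{
    uint32_t sector = 0, ext_base = 0;
    *count = 0;
    if (nsectors == 0) return WALK_RANGE;
    for (int depth = 0; depth <= MAX_EXT_DEPTH; depth++) {
        const uint8_t *s = disk + (size_t)sector * SECTOR_SIZE;
        uint32_t next = 0;
        int has_next = 0;
        if (s[510] != 0x55 || s[511] != 0xAA) return WALK_BAD_SIG;
        for (int i = 0; i < 4; i++) {
            const uint8_t *e = s + PT_OFFSET + 16 * i;
            if (e[4] == 0x05 || e[4] == 0x0F || e[4] == 0x85) {
                if (!has_next) { next = ext_base + le32(e + 8); has_next = 1; }
            } else if (e[4] != 0) {
                (*count)++;
            }
        }
        if (!has_next) return WALK_OK;
        if (next <= sector) return WALK_LOOP;    /* self or backward link */
        if (next >= nsectors) return WALK_RANGE; /* link leaves the image */
        if (depth == 0) ext_base = next;         /* EBR links are relative to this */
        sector = next;
    }
    return WALK_DEEP;
}

int main(void)
{
    static uint8_t disk[SECTOR_SIZE]; /* constructed: entry 0 is extended, start LBA 0 */
    int n;
    disk[PT_OFFSET + 4] = 0x05; disk[510] = 0x55; disk[511] = 0xAA;
    return walk_partitions(disk, 1, &n) == WALK_LOOP ? 0 : 1;
}
```

The forward-only rule is stricter than the on-disk format requires, so a parser that must accept out-of-order chains would track visited sectors instead and keep the depth cap.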
CVE-2019-13104:
At ext4fs.c:74 it is possible for len to underflow while listing files in a crafted filesystem. If this happens, eventually there is a memcpy with a negative (so effectively infinite) length. This causes all of memory to be overwritten until, on the sandbox, it segfaults. On a real platform, I'm not sure what would happen, but there's definitely memory corruption. This affects versions 2016.11-rc1 through 2019.07-rc4.
CVE-2019-13105:
If there is an invalid/out-of bo