Bug#1034736: bullseye-pu: package pev/0.81-3+deb11u1
Control: tags -1 + confirmed
On Sat, 2023-04-22 at 22:52 -0300, David da Silva Polverari wrote:
> Package: release.debian.org
> Severity: important
>
As noted (and already fixed) "normal" was the correct choice here.
> A buffer overflow vulnerability exists in Pev 0.81 via the pe_exports
> function from exports.c. The array offsets_to_Names is dynamically
> allocated on the stack using exp->NumberOfFunctions as its size.
> However, the loop uses exp->NumberOfNames to iterate over it and set its
> components value. Therefore, the loop code assumes that
> exp->NumberOfFunctions is greater than ordinal at each iteration. This
> can lead to arbitrary code execution.
>
Please go ahead.
Regards,
Adam
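
The size/loop mismatch described in the quoted report, shown with the missing bounds check in place. This is an added example: it is not pev's source, not the uploaded fix, and not part of this mail thread. The struct, function names, the `MAX_EXPORTS` cap and the sample input are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-in for the export directory: only the two counts from the report. */
typedef struct {
    uint32_t NumberOfFunctions;
    uint32_t NumberOfNames;
} export_dir;

#define MAX_EXPORTS 65536u  /* assumed sanity cap (ordinals are 16-bit), not from pev */

/* Builds a table with NumberOfFunctions slots and fills it from NumberOfNames
 * (ordinal, name offset) pairs; both input arrays must hold NumberOfNames entries.
 * Out-of-range ordinals are counted in *skipped instead of being written.
 * Returns NULL on an implausible count or allocation failure. */
uint32_t *build_name_table(const export_dir *exp, const uint16_t *ordinals,
                           const uint32_t *name_offsets, uint32_t *skipped)
{
    *skipped = 0;
    if (exp->NumberOfFunctions == 0 || exp->NumberOfFunctions > MAX_EXPORTS)
        return NULL;

    /* Bounded heap allocation instead of a stack array sized by file data. */
    uint32_t *table = calloc(exp->NumberOfFunctions, sizeof *table);
    if (table == NULL)
        return NULL;

    for (uint32_t i = 0; i < exp->NumberOfNames; i++) {
        uint16_t ordinal = ordinals[i];
        /* The loop bound is NumberOfNames, but the table only has
         * NumberOfFunctions slots, so every index must be checked. */
        if (ordinal >= exp->NumberOfFunctions) {
            (*skipped)++;
            continue;
        }
        table[ordinal] = name_offsets[i];
    }
    return table;
}

/* Constructed input: 2 functions but 4 names, two ordinals out of range. */
uint32_t demo_skipped(void)
{
    export_dir exp = { 2, 4 };
    uint16_t ordinals[] = { 0, 7, 1, 300 };
    uint32_t offsets[]  = { 0x1000, 0x2000, 0x3000, 0x4000 };
    uint32_t skipped;
    uint32_t *t = build_name_table(&exp, ordinals, offsets, &skipped);
    uint32_t ok = (t != NULL && t[0] == 0x1000 && t[1] == 0x3000);
    free(t);
    return ok ? skipped : UINT32_MAX;
}
```

A non-zero skipped count marks a file whose two export counts disagree with its ordinals, which is worth logging when triaging malformed PE samples.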