Message-ID: <cdec3664-1981-eb40-283d-3dec9e151f1a@gmail.com>
Date: Wed, 14 Feb 2024 17:25:34 +1100
From: Matthew Fernandez <matthew.fernandez@...il.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Buffer Overflow in graphviz via via a crafted config6a file



On 1/27/24 10:15, Matthew Fernandez wrote:
> 
> 
> On 1/20/24 15:07, Meng Ruijie wrote:
>> [Vulnerability description]
>> Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote 
>> attacker to execute arbitrary code via a crafted config6a file.
>>
>> [Vulnerability Type]
>> Buffer Overflow
> 
> More specifically, this issue is an out-of-bounds read.
> 
>> [Vendor of Product]
>> graphviz
>>
>> [Affected Product Code Base]
>> graphviz - 2.43.0
> 
> AFAICT the issue was actually introduced in Graphviz 2.36. It was fixed 
> in commit a95f977f5d809915ec4b14836d2b5b7f5e74881e (essentially 
> reverting cf95714837f06f684929b54659523c2c9b1fc19f that introduced the 
> issue), but there has been no release yet since then. The next release 
> will be 10.0.0. So affected versions would be [2.36, 10.0.0).

The fix for this ended up landing in Graphviz 10.0.1, available at 
https://graphviz.org/download/.

Details of this CVE (CVE-2023-46045) are now published, but the CPEs are 
incomplete. For those who track such things, the affected range is 
[2.36.0, 10.0.1).
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
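
The affected range given in the message above, [2.36.0, 10.0.1), turned into a check over `dot -V` banners. This is an added example, not part of the original post or the Graphviz project; the banner layout, the `~dev` suffix handling, the function names and the sample banners are assumptions constructed for illustration.

```python
import re

# Half-open upstream range stated in the message: [2.36.0, 10.0.1)
FIRST_AFFECTED = (2, 36, 0)
FIRST_FIXED = (10, 0, 1)

# Assumed banner layout: "dot - graphviz version X.Y[.Z][~suffix] (build)"
_BANNER_RE = re.compile(r"graphviz version (\d+)\.(\d+)(?:\.(\d+))?(~\S+)?")


def parse_banner(banner):
    """Return ((major, minor, patch), is_prerelease), or None if unparseable."""
    m = _BANNER_RE.search(banner)
    if m is None:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix is not None


def classify(banner):
    """Map a `dot -V` banner to 'affected', 'not affected' or 'unknown'."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"
    version, prerelease = parsed
    # A pre-release build labelled with the first fixed version may predate
    # the fix, so the version number alone cannot settle it.
    if prerelease and version == FIRST_FIXED:
        return "unknown"
    # Compare as integer tuples: as strings, "10.0.0" sorts before "2.36.0".
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        return "affected"
    return "not affected"


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "dot - graphviz version 2.43.0 (0)",
    "dot - graphviz version 10.0.0 (20240101.0000)",
    "dot - graphviz version 10.0.1 (20240201.0000)",
    "dot - graphviz version 10.0.1~dev.20240120.0000 (20240120.0000)",
    "dot - graphviz version 2.35.0 (20130101.0000)",
    "sh: dot: command not found",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):13} {line}")
```

The check covers upstream version numbers only; a distribution package may carry the fix under an older version string.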
