Message-ID: <cdec3664-1981-eb40-283d-3dec9e151f1a@gmail.com>
Date: Wed, 14 Feb 2024 17:25:34 +1100
From: Matthew Fernandez <matthew.fernandez@...il.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Buffer Overflow in graphviz via via a crafted config6a file

On 1/27/24 10:15, Matthew Fernandez wrote:
>
>
> On 1/20/24 15:07, Meng Ruijie wrote:
>> [Vulnerability description]
>> Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote
>> attacker to execute arbitrary code via a crafted config6a file.
>>
>> [Vulnerability Type]
>> Buffer Overflow
>
> More specifically, this issue is an out-of-bounds read.
>
>> [Vendor of Product]
>> graphviz
>>
>> [Affected Product Code Base]
>> graphviz - 2.43.0
>
> AFAICT the issue was actually introduced in Graphviz 2.36. It was fixed
> in commit a95f977f5d809915ec4b14836d2b5b7f5e74881e (essentially
> reverting cf95714837f06f684929b54659523c2c9b1fc19f that introduced the
> issue), but there has been no release yet since then. The next release
> will be 10.0.0. So affected versions would be [2.36, 10.0.0).

The fix for this ended up landing in Graphviz 10.0.1, available at
https://graphviz.org/download/. Details of this CVE (CVE-2023-46045) are
now published, but the CPEs are incomplete. For those who track such
things, the affected range is [2.36.0, 10.0.1).

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/