CVE-2023-50495: Segment fault in tic
ncurses v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
From: Ziqiao Kong
Subject: Segment fault in tic
Date: Sun, 23 Apr 2023 22:32:39 +0200
Hello,
Our fuzzer finds a segment fault for tic.
Steps to reproduce:
```
wget -c "https://invisible-island.net/archives/ncurses/current/ncurses-6.4-20230418.tgz";
tar xf ncurses-6.4-20230418.tgz
cd ncurses-6.4-20230418
./configure --enable-debug && make -j
./progs/tic -x -s /work/tmpfs/poc
```
Backtrace from gdb:
```
Program received signal SIGSEGV, Segmentation fault.
0x00007f48380af97d in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007f48380af97d in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x0000557b0635df11 in _nc_wrap_entry ()
#2  0x0000557b063584d0 in _nc_parse_entry ()
#3  0x0000557b06354ee4 in _nc_read_entry_source ()
#4  0x0000557b0633b4d6 in main ()
(gdb)
```
Environment:
```
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # uname -a
Linux 72a1b4591f81 5.4.0-147-generic #164-Ubuntu SMP Tue Mar 21 14:23:17 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # cat /etc/issue
Ubuntu 22.04.2 LTS \n \l

[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # gcc --version
gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
Copyright © 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # g++ --version
g++ (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
Copyright © 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # ld --version
GNU ld (GNU Binutils for Ubuntu) 2.38
Copyright © 2022 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) a later version.
This program has absolutely no warranty.
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 #
```
Attached below is the poc file.
Thanks in advance!
Bests, Ziqiao
poc.tar.xz
Description: application/xz
Related news
Ubuntu Security Notice 6684-1 - It was discovered that ncurses incorrectly handled certain function return values, possibly leading to segmentation fault. A local attacker could possibly use this to cause a denial of service.