CVE-2021-36087: oss-fuzz-vulns/OSV-2021-585.yaml at main · google/oss-fuzz-vulns
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
id: OSV-2021-585
summary: Heap-buffer-overflow in ebitmap_match_any
details: |
  OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
  Crash type: Heap-buffer-overflow READ 8
  Crash state:
  ebitmap_match_any
  avtab_map
  cil_check_neverallow
modified: '2021-07-21T22:18:09.393198Z'
published: '2021-03-31T00:00:26.273923Z'
references:
- type: REPORT
  url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
affected:
- package:
    name: selinux
    ecosystem: OSS-Fuzz
  ranges:
  - type: GIT
    repo: https://github.com/SELinuxProject/selinux
    events:
    - introduced: 0451adebdf153eee1f69914141311114a0130982
    - fixed: 340f0eb7f3673e8aacaf0a96cbfcd4d12a405521
  versions:
  - '3.2'
  - 3.2-rc3
  - checkpolicy-3.2
  - checkpolicy-3.2-rc3
  - libselinux-3.2
  - libselinux-3.2-rc3
  - libsemanage-3.2
  - libsemanage-3.2-rc3
  - libsepol-3.2
  - libsepol-3.2-rc3
  - mcstrans-3.2
  - mcstrans-3.2-rc3
  - policycoreutils-3.2
  - policycoreutils-3.2-rc3
  - restorecond-3.2
  - restorecond-3.2-rc3
  - secilc-3.2
  - secilc-3.2-rc3
  - selinux-dbus-3.2
  - selinux-dbus-3.2-rc3
  - selinux-gui-3.2
  - selinux-gui-3.2-rc3
  - selinux-python-3.2
  - selinux-python-3.2-rc3
  - selinux-sandbox-3.2
  - selinux-sandbox-3.2-rc3
  - semodule-utils-3.2
  - semodule-utils-3.2-rc3
  ecosystem_specific:
    fixed_range: d1a34d3f1df5e90c9e01fcd9791c26db89064a7e:340f0eb7f3673e8aacaf0a96cbfcd4d12a405521
    severity: MEDIUM