
CVE-2020-12825: Stack overflow in cr_parser_parse_any_core in cr-parser.c (#8) · Issues · Archive / libcroco · GitLab

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.


Too much recursion in the function cr_parser_parse_any_core could cause a stack overflow if an attacker provides many '('.

Steps to reproduce:

  1. compile libcroco with ASAN
  2. run poc using command ./csslint-0.6 poc

poc: poc

result:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==34840==ERROR: AddressSanitizer: stack-overflow on address 0x7fff6fd36fe8 (pc 0x0000004d9119 bp 0x000000000048 sp 0x7fff6fd36fc0 T0)
    #0 0x4d9118 in __sanitizer::StackDepotPut(__sanitizer::StackTrace) /home/casper/fuzz/fuzzdeps/llvm-9.0.0.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_stackdepot.cc:97
    #1 0x4255ad in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) /home/casper/fuzz/fuzzdeps/llvm-9.0.0.src/projects/compiler-rt/lib/asan/asan_allocator.cc:509
    #2 0x4265b6 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) /home/casper/fuzz/fuzzdeps/llvm-9.0.0.src/projects/compiler-rt/lib/asan/asan_allocator.cc:875
    #3 0x4a8883 in malloc /home/casper/fuzz/fuzzdeps/llvm-9.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:146
    #4 0x539891 in cr_token_new /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-token.c:138:18
    #5 0x53f30b in cr_tknzr_get_next_token /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-tknzr.c:2007:17
    #6 0x50db42 in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1179:18
    #7 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    #8 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    #9 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    #10 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    #11 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    #12 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    #13 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    #14 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    #15 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    #16 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    #17 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    #18 0x50e43f in cr_parser_parse_any_core /home/casper/targets/gramma/libcroco/afl/BUILD/src/cr-parser.c:1240:34
    ...

Edited May 13, 2020 by
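
The failure mode reported above, seen from the mitigation side: a recursive-descent parser for nested '(' groups that carries an explicit depth counter and rejects input past a limit instead of recursing until the stack is exhausted. This is an added example, not libcroco's code or its upstream fix; the toy grammar, `parse_any`, `parse_input`, `parse_nested` and the `MAX_NESTING` value are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_NESTING 256   /* assumed limit for this example, not a libcroco value */
enum parse_status { PARSE_OK = 0, PARSE_SYNTAX = -1, PARSE_TOO_DEEP = -2 };

/* any := atom | '(' any* ')'   -- one stack frame per unclosed '(' */
static enum parse_status parse_any(const char **p, unsigned depth)
{
    if (depth > MAX_NESTING)
        return PARSE_TOO_DEEP;              /* stop before the stack does */
    if (**p == ')' || **p == '\0')
        return PARSE_SYNTAX;
    if (*(*p)++ != '(')                     /* consume one character */
        return PARSE_OK;                    /* it was a single-character atom */
    while (**p != ')' && **p != '\0') {
        enum parse_status st = parse_any(p, depth + 1);
        if (st != PARSE_OK)
            return st;                      /* propagate the error upwards */
    }
    if (**p != ')')
        return PARSE_SYNTAX;                /* unterminated group */
    (*p)++;
    return PARSE_OK;
}

enum parse_status parse_input(const char *s)
{
    enum parse_status st = PARSE_OK;
    while (st == PARSE_OK && *s != '\0')
        st = parse_any(&s, 0);
    return st;
}

/* Constructed input: n '(' followed by n ')'. */
enum parse_status parse_nested(size_t n)
{
    char *buf = malloc(2 * n + 1);
    if (buf == NULL) return PARSE_SYNTAX;
    memset(buf, '(', n);
    memset(buf + n, ')', n);
    buf[2 * n] = '\0';
    enum parse_status st = parse_input(buf);
    free(buf);
    return st;
}

int main(void) {
    return parse_nested(100) != PARSE_OK || parse_nested(1000000) != PARSE_TOO_DEEP;
}
```

Without the `depth` check, the one-million-level input would need one stack frame per '(' and end in the same kind of crash as the ASAN trace; with it, the parser returns `PARSE_TOO_DEEP` after 257 frames.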
