---------- Forwarded message ---------
From: shivam tiwari <shivam.tiwari00...@gmail.com>
Date: Mon, Mar 24, 2025, 1:02 PM
Subject: [PATCH] Fix Heap-use-after-free in hash_table_destroy
To: <bug-wget@gnu.org>

Dear Wget Developers,

This patch fixes a Heap-use-after-free vulnerability in the hash_table_destroy function.

Vulnerability Details:
Project: wget
Fuzzing Engine: honggfuzz
Fuzz Target: wget_options_fuzzer
Job Type: honggfuzz_asan_wget
Platform: Linux
Crash Type: Heap-use-after-free READ 8
Issue Link: https://issues.oss-fuzz.com/issues/385180607

Description of Changes:
The vulnerability was caused by accessing the hash table (ht) and its cells after they had been freed. To resolve this issue, the following changes were made:

Function Affected: hash_table_destroy
Resolution: After freeing ht->cells and ht, they are now set to NULL to ensure they are not accessed again.

By setting ht and its cells to NULL after freeing them, we prevent any further access to the freed memory, thus fixing the Heap-use-after-free vulnerability.

Thanks

0001-Fix-Heap-use-after-free-in-hash_table_destroy.patch
Description: Binary data
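
Added example, not part of the forwarded message and not wget's code or the attached patch: a minimal C sketch of the set-to-NULL-after-free pattern the message describes, showing which NULL stores the caller of a destroy function can observe. struct table and the table_* and handle_* names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical minimal table for illustration; not wget's struct hash_table. */
struct table { void **cells; };

struct table *table_new(size_t size) {
    struct table *t = malloc(sizeof *t);
    if (t && !(t->cells = calloc(size, sizeof *t->cells))) { free(t); t = NULL; }
    return t;
}

/* By-value destroy: neither NULL store below is visible to the caller. */
void table_destroy_byval(struct table *t) {
    if (!t) return;
    free(t->cells);
    t->cells = NULL;  /* written into a struct that is freed on the next line */
    free(t);
    t = NULL;         /* changes only this function's copy of the pointer */
}

/* By-reference destroy: clears the caller's handle; a repeat call is a no-op. */
void table_destroy_byref(struct table **tp) {
    if (!tp || !*tp) return;
    free((*tp)->cells);
    free(*tp);
    *tp = NULL;
}

/* Returns 1 if the caller's handle still holds the freed address afterwards.
   The bits are copied with memcpy so the stale pointer is never evaluated. */
int handle_is_stale_after_byval(void) {
    struct table *t = table_new(8);
    uintptr_t before = 0, after = 0;
    if (!t) return -1;
    memcpy(&before, &t, sizeof t);
    table_destroy_byval(t);
    memcpy(&after, &t, sizeof t);
    return after == before;
}

/* Returns 1 if the caller's handle is NULL afterwards and a second destroy is safe. */
int handle_is_cleared_after_byref(void) {
    struct table *t = table_new(8);
    if (!t) return -1;
    table_destroy_byref(&t);
    table_destroy_byref(&t);  /* no double free: *tp is already NULL */
    return t == NULL;
}
```

Building with -fsanitize=address, as the honggfuzz_asan_wget job named above does, reports any later dereference of a stale handle at the point of use.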