Hi Santiago, hi Moritz, On Mon, Mar 19, 2018 at 06:20:44PM +0100, Santiago Vila wrote: > On Mon, Mar 19, 2018 at 05:58:04PM +0100, Moritz Muehlenhoff wrote: > > Source: sharutils > > Severity: grave > > Tags: security > > > > This has been assigned CVE-2018-1000097: > > http://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00004.html > > > > Proposed patch at: > > http://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00005.html > > Thanks for the report. Simple question: Is this the same problem as this one? > > http://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00003.html > > or there will be another different CVE for that?
That's an issue on it's own, but I do not think it has a CVE assigned yet. The most recent assigned CVE is for the msg00004.html message, which was adressed with the proposed fix (and can be verified with the reproducer which first needs to be extracted). The issue from the msg00003.html is in src/unshar.c 391 for (;;) 392 { 393 size_t len = fread (rw_buffer, 1, rw_base_size, file); 394 if (len == 0) 395 break; 396 fwrite (rw_buffer, 1, len, shell_fp); 397 } specifically at the write in line 396. There is no reply on https://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00003.html so either it has been lost or ignored, might be worth reping the mail. Regards, Salvatore