Your message dated Sat, 20 Jun 2026 18:33:57 +0000
with message-id <[email protected]>
and subject line Bug#1137251: fixed in braa 0.82-9
has caused the Debian Bug report #1137251,
regarding braa: out-of-bounds stack read via crafted BER length in braaasn.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1137251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137251
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: braa
Version: 0.82-7
Severity: grave
Tags: security
braa 0.82 contains an out-of-bounds stack read in braa_InternalDecodeBER()
(braaasn.c). When parsing a BER long-form length field, the code reads
length bytes without checking that the buffer contains enough data:
int noct = len & 0x7f; /* attacker-controlled: 0-127 */
for(j = 0; j < noct; j++)
len |= data[j + 1]; /* NO bounds check - reads beyond packet */
A 3-byte crafted UDP SNMP response (SEQUENCE tag, len=0xff, 1 data byte)
causes the loop to read up to 125 bytes beyond the stack-allocated receive
buffer pbuff[] (queries.c:502), disclosing adjacent stack memory.
The fix is present in upstream 0.9.1:
https://github.com/mteg/braa/releases/tag/v0.9.1
The package should be updated from 0.82-7 to 0.9.1.
Note: 0.9.1 still contains an uninitialized variable 'compl' when parsing
negative integers with len > 4 (braaasn.c), but this has no memory safety
impact.
Reported by: Igor Garofano <[email protected]>
Coordinated with: Moritz Muehlenhoff <[email protected]>
*Igor Garofano*
Cyber Security Specialist
*+39-3922283057*
*EC-council CTIA, CEH v10, CHFI, ITIL v3, Splunk, IBM Qradar Siem
Foundation, Oracle Cloud Architect Associate, **Google Cloud Architect,**
NSE4.*
--- End Message ---
--- Begin Message ---
Source: braa
Source-Version: 0.82-9
Done: Sven Geuer <[email protected]>
We believe that the bug you reported is fixed in the latest version of
braa, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sven Geuer <[email protected]> (supplier of updated braa package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Jun 2026 19:55:41 +0200
Source: braa
Architecture: source
Version: 0.82-9
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools <[email protected]>
Changed-By: Sven Geuer <[email protected]>
Closes: 1137251
Changes:
braa (0.82-9) unstable; urgency=medium
.
* Team upload.
* d/p/*: Add patch to fix out-of-bounds stack read via crafted BER length.
(Closes: #1137251)
Checksums-Sha1:
c7917f432cb6cabc15a404a835bcfe918ea580b7 1875 braa_0.82-9.dsc
1849abc72563a5aa0380944ea8e2a025d3ef44f2 6644 braa_0.82-9.debian.tar.xz
89d1e100886c142ebee79c15cacbd99314c184a0 5634 braa_0.82-9_amd64.buildinfo
Checksums-Sha256:
b89791817934d957794eda75b4f8365a49f2cf36bc5ce9ce190eaf309299c724 1875
braa_0.82-9.dsc
94ddc30eee43dbccd026411e032c97767622b630ad8619d1f9df850f839ab34d 6644
braa_0.82-9.debian.tar.xz
bc54144e3bc1abb62ddaf71299bdf2a182d0968cc0ffe78c5a0f0b4884aa30f7 5634
braa_0.82-9_amd64.buildinfo
Files:
521e607386546143d8205d2aef20e977 1875 net optional braa_0.82-9.dsc
af3443a0385228ef924ba213e99d4a78 6644 net optional braa_0.82-9.debian.tar.xz
1d0e6a872eb4e44171c8449b34e6ae5b 5634 net optional braa_0.82-9_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAmo21wYPHHNnZUBkZWJp
YW4ub3JnAAoJEK31Dtr4rdWFsv0P/juP+PO9mp9QNFO1aUygo6q34RC1kxa+Vwhq
mmxMJMGJL1pffbHbZpG1fE/7eLkC+KhBPIULu+rTYa3am+usdIqly5eS5hkNl6EK
P01Na85DaSdK6XDsSU91hZ+VCejVZUDHId6xaLso46XIyZZZc0IQQLzaaUhLwJmH
B7sognf+qNSTFMGPHfQGDKyNr3ihINw4R3WGgNQ8M4riRGLn70XFtu+EwiprpF2f
LvK+dfDn6LhXXLYlelDSN4DRMvGkS8swzdxvsh9axT6Az5iGtdrCQsB3466+fhI0
XfjSWi5a63//bA3nKbqyJYhFtSB58jqRkpCU5koMLlHFyBzZx29/iLCFAd3x52OC
X3tNYi2yJGRT3fX2f4muGYtc5UQgW7hJPCXUJNtJwwEDmJ3Tmf3uDfvCBQrG8d/y
8PpUYC4AvtTMD6ch/6T8EZJPnXXE2UVyrsEo3l9IuSLFMzSfPFqNJ6Cf4K8tAmIc
DF1lNFk7DPCU1gUFTyGKNULliG9MLn0VqM8jfylFc+EI3h9t2qrq/JMXFPJ+fCXB
vIazJmJaZ+7Hf3EscajBr5ar+2BwJ4L0czISricOEZnwMySjbWgdueUFHnsjEbr6
x4Xavj3TLcuLykAcPOAvv27NSHkmDAzU9IumKjNseLt9ib5bgHa3H9WlCQsJY8xc
okBAIK9k
=Tfkr
-----END PGP SIGNATURE-----
pgp5nGnumNRMs.pgp
Description: PGP signature
--- End Message ---
