Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c981596 by Salvatore Bonaccorso at 2022-01-01T09:54:03+01:00
Add two oss-fuzz related issues for libbpf

As with the reports already looked at, not really helpful information as
e.g. introducing commits are mostly related to when oss-fuzzing started.
So note to reviewers, take all with a grain of salt in both introducing
and fixing information and make sure the tracking we do is correct.

Better stay safe on wrong side for now and keep it unfixed in case of
doubt.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -70,9 +70,15 @@ CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based 
buffer overflow in PCI
 CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow 
in Imf_3_ ...)
        TODO: check
 CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 
bytes) in _ ...)
-       TODO: check
+       - libbpf <unfixed>
+       NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957
+       NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml
+       TODO: check details on fixing commit upstream, furthermore intorducing 
commit is only when oss-fuzz started
 CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 
bytes) in _ ...)
-       TODO: check
+       - libbpf <unfixed>
+       NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868
+       NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1562.yaml
+       TODO: check details on fixing commit upstream, furthermore intorducing 
commit is only when oss-fuzz started
 CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in 
MqttClient_De ...)
        TODO: check
 CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in 
MqttClient_De ...)
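
Review bot: The two added TODO lines under CVE-2021-45941 and CVE-2021-45940 misspell "introducing" as "intorducing", and each one mixes a pending action (check the upstream fixing commit) with a standing caveat (the introducing commit only reflects when oss-fuzz started). Consider moving the caveat to its own NOTE line in each entry so it stays in place once the TODO is resolved and removed, and keep the TODO for the fixing-commit check alone. Keeping `- libbpf <unfixed>` until that check is done matches the commit message's stated intent for cases of doubt.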



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c981596f6f0e388865c6c14063b4a8538ef6601
