Hi,
Regarding CVE-2017-12941 and CVE-2017-12942, unrar-5.5.6 is affected.
There is a fixed version of unrar-5.5.7. I am asking:
[1] are the CVEs known to affect any versions of clamav, if so which
versions are not affected?
[2] These are the vulnerable code examples:
#Vulnerable unrar function (CVE-2017-12941)
int DistNumber=DecodeNumber(Inp,&BlockTables.DD);
unsigned int Distance=DDecode[DistNumber]+1;
# Vulnerable unpack longlz (CVE-2017-12942)
//ChSetB[DistancePlace]=ChSetB[NewDistancePlace];
--------------------------------------------------
I found this in clamav 0.100.0:
## ClamAV code: unpack20.c
//int rar_unpack20(int fd, int solid, unpack_data_t *unpack_data)
{ ...
unsigned int bits, distance;
dist_number = rar_decode_number(unpack_data, (struct Decode
*)&unpack_data->DD);
distance = ddecode[dist_number] + 1
#ClamAV unpack longlz
//static void long_lz(unpack_data_t *unpack_data)
unpack_data->chsetb[distance_place & 0xff]
chsetb[new_distance_place & 0xff] = distance;
chsetb[distance_place & 0xff] = unpack_data->chsetb[new_distance_place
& 0xff];
it isn't clear to me (as I cannot read C code very well) if these are
indeed affected by the CVEs mentioned above. Any one able to clarify?
[3] Any commits one can point me to for varification of changes if any?
Thank you and apologies if this is old or redundant news already
resolved.
Referece: http://seclists.org/oss-sec/2017/q3/290
domhnall
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
