Public bug reported: The program copies strings from argv into fixed size heap buffers with unchecked strcpy.
https://salsa.debian.org/debian/usbrelay/blob/master/usbrelay.c#L60 $ usbrelay 1111111111 *** buffer overflow detected ***: usbrelay terminated Aborted (core dumped) $ lsb_release -rd Description: Ubuntu 18.04.2 LTS Release: 18.04 $ apt-cache policy usbrelay usbrelay: Installed: 0.2-1build1 Candidate: 0.2-1build1 Version table: *** 0.2-1build1 500 500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: ubuntu-release-upgrader-core 1:18.04.34 ProcVersionSignature: Ubuntu 4.18.0-25.26~18.04.1-generic 4.18.20 Uname: Linux 4.18.0-25-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu7.7 Architecture: amd64 CrashDB: ubuntu CurrentDesktop: KDE Date: Wed Jul 24 11:36:41 2019 InstallationDate: Installed on 2019-06-10 (43 days ago) InstallationMedia: Kubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) PackageArchitecture: all SourcePackage: ubuntu-release-upgrader Symptom: release-upgrade UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: ubuntu-release-upgrader (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic dist-upgrade -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837755 Title: usbrelay buffer overflows from argv To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1837755/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
