test_spdm_responder_chunk_send_ack: Heap-buffer-overflow in libspdm_copy_mem #2631
Comments
The root cause is as follows:
I think the root-cause of the copy mem overflow is as follows:
But the first chunk message should at least
It caused a problem later -
Then it impacts copy_mem later.
Fix: DMTF#2631 Signed-off-by: Jiewen Yao <[email protected]>
Fix: #2631 Signed-off-by: Jiewen Yao <[email protected]>
@steven-bellock, do we need a CVE for this one?
New issue 67585 by ClusterFuzz-External: libspdm:test_spdm_responder_chunk_send_ack: Heap-buffer-overflow in libspdm_copy_mem
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67585
Detailed Report: https://oss-fuzz.com/testcase?key=5274620108275712
Project: libspdm
Fuzzing Engine: libFuzzer
Fuzz Target: test_spdm_responder_chunk_send_ack
Job Type: libfuzzer_asan_libspdm
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x62b000006ebd
Crash State:
libspdm_copy_mem
libspdm_get_response_chunk_send
libspdm_get_response_chunk_send
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_libspdm&range=202403210612:202403220618
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5274620108275712
Ubuntu 20.04.2 LTS
clusterfuzz-testcase-minimized-test_spdm_responder_chunk_send_ack-5274620108275712.zip