https://bugzilla.redhat.com/show_bug.cgi?id=2126075
Bug ID: 2126075 Summary: CVE-2021-40648 sys-apps/man2html: multiple vulnerabilities Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: ybuenos@redhat.com CC: epel-packagers-sig@lists.fedoraproject.org, orion@nwra.com, sergio@serjux.com, tchollingsworth@gmail.com, viktor.vix.jancik@gmail.com Target Milestone: --- Classification: Other
CVE-2021-40648:
In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory.
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933
https://bugzilla.redhat.com/show_bug.cgi?id=2126075
ybuenos@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |2126816, 2126815
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2126815 [Bug 2126815] CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2126816 [Bug 2126816] CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2126075
--- Comment #1 from ybuenos@redhat.com --- Created man2html tracking bugs for this issue:
Affects: epel-all [bug 2126815] Affects: fedora-all [bug 2126816]
https://bugzilla.redhat.com/show_bug.cgi?id=2126075
--- Comment #2 from Product Security DevOps Team prodsec-dev@redhat.com --- This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
https://bugzilla.redhat.com/show_bug.cgi?id=2126075
Product Security DevOps Team prodsec-dev@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |UPSTREAM Last Closed| |2022-11-26 13:25:33
https://bugzilla.redhat.com/show_bug.cgi?id=2126075 Bug 2126075 depends on bug 2126816, which changed state.
Bug 2126816 Summary: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2126816
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL
epel-packagers-sig@lists.fedoraproject.org