https://bugzilla.redhat.com/show_bug.cgi?id=1433985
Bug ID: 1433985
Summary: CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: anemec@redhat.com
CC: aortega@redhat.com, apevec@redhat.com, ayoung@redhat.com, chrisw@redhat.com, cvsbot-xmlrpc@redhat.com, erlang@lists.fedoraproject.org, jeckersb@redhat.com, jjoyce@redhat.com, jschluet@redhat.com, kbasil@redhat.com, lemenkov@gmail.com, lhh@redhat.com, lpeer@redhat.com, markmc@redhat.com, plemenko@redhat.com, rbryant@redhat.com, rhbugs@n-dimensional.de, rjones@redhat.com, sclewis@redhat.com, s@shk.io, tdecacqu@redhat.com
An issue was discovered in Erlang/OTP. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.
References:
https://github.com/erlang/otp/pull/1108
Andrej Nemec <anemec@redhat.com> changed:

Whiteboard
  Removed: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,rhscon-2/erlang=new,openstack-5/erlang=new,openstack-6/erlang=new,openstack-7/erlang=new,openstack-8/erlang=new,openstack-9/erlang=new,openstack-10/erlang=new,openstack-11/erlang=new
  Added: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,openstack-5/erlang=new,openstack-6/erlang=new,openstack-7/erlang=new,openstack-8/erlang=new,openstack-9/erlang=new,openstack-10/erlang=new,openstack-11/erlang=new
Andrej Nemec <anemec@redhat.com> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1433986
Depends On |        |1433988
Depends On |        |1433989
--- Comment #1 from Andrej Nemec <anemec@redhat.com> ---
Created erlang tracking bugs for this issue:
Affects: fedora-all [bug 1433986]
Affects: epel-6 [bug 1433988]
Affects: epel-7 [bug 1433989]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1433986
[Bug 1433986] CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1433988
[Bug 1433988] CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1433989
[Bug 1433989] CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions [epel-7]
Andrej Nemec <anemec@redhat.com> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Blocks     |        |1433990

Whiteboard
  Removed: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,openstack-5/erlang=new,openstack-6/erlang=new,openstack-7/erlang=new,openstack-8/erlang=new,openstack-9/erlang=new,openstack-10/erlang=new,openstack-11/erlang=new
  Added: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,openstack-5/erlang=new,openstack-6/erlang=new,openstack-7/erlang=new,openstack-8/erlang=new,openstack-9/erlang=new,openstack-10/erlang=new,openstack-11/erlang=new,rhscon-2/erlang=new
Bug 1433985 depends on bug 1433988, which changed state.

Bug 1433988 Summary: CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1433988

What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |NOTABUG
Bug 1433985 depends on bug 1433988, which changed state.

Bug 1433988 Summary: CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1433988

What       |Removed |Added
----------------------------------------------------------------------------
Status     |CLOSED  |NEW
Resolution |NOTABUG |---
Bug 1433985 depends on bug 1433986, which changed state.

Bug 1433986 Summary: CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1433986

What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Garth Mollett <gmollett@redhat.com> changed:

Whiteboard
  Removed: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,openstack-5/erlang=new,openstack-6/erlang=new,openstack-7/erlang=new,openstack-8/erlang=new,openstack-9/erlang=new,openstack-10/erlang=new,openstack-11/erlang=new,rhscon-2/erlang=new
  Added: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,openstack-5/erlang=wontfix,openstack-6/erlang=wontfix,openstack-7/erlang=wontfix,openstack-8/erlang=wontfix,openstack-9/erlang=wontfix,openstack-10/erlang=wontfix,openstack-11/erlang=wontfix,rhscon-2/erlang=new
Garth Mollett <gmollett@redhat.com> changed:

Whiteboard
  Removed: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,openstack-5/erlang=wontfix,openstack-6/erlang=wontfix,openstack-7/erlang=wontfix,openstack-8/erlang=wontfix,openstack-9/erlang=wontfix,openstack-10/erlang=wontfix,openstack-11/erlang=wontfix,rhscon-2/erlang=new
  Added: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,openstack-5/erlang=wontfix,openstack-6/erlang=wontfix,openstack-7/erlang=wontfix,openstack-8/erlang=wontfix,openstack-9/erlang=wontfix,openstack-10/erlang=wontfix,openstack-11/erlang=wontfix,rhscon-2/erlang=new,openstack-12/erlang=affected
Garth Mollett <gmollett@redhat.com> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1467165
Garth Mollett <gmollett@redhat.com> changed:

What       |Removed |Added
----------------------------------------------------------------------------
CC         |        |gmollett@redhat.com

Whiteboard
  Removed: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,openstack-5/erlang=wontfix,openstack-6/erlang=wontfix,openstack-7/erlang=wontfix,openstack-8/erlang=wontfix,openstack-9/erlang=wontfix,openstack-10/erlang=wontfix,openstack-11/erlang=wontfix,rhscon-2/erlang=new,openstack-12/erlang=affected
  Added: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,openstack-5/erlang=wontfix,openstack-6/erlang=wontfix,openstack-7/erlang=wontfix,openstack-8/erlang=wontfix,openstack-9/erlang=wontfix,openstack-10/erlang=wontfix,openstack-11/erlang=wontfix,rhscon-2/erlang=new,openstack-12/erlang=notaffected
Siddharth Sharma <sisharma@redhat.com> changed:

What       |Removed |Added
----------------------------------------------------------------------------
CC         |        |sisharma@redhat.com

Whiteboard
  Removed: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,openstack-5/erlang=wontfix,openstack-6/erlang=wontfix,openstack-7/erlang=wontfix,openstack-8/erlang=wontfix,openstack-9/erlang=wontfix,openstack-10/erlang=wontfix,openstack-11/erlang=wontfix,rhscon-2/erlang=new,openstack-12/erlang=notaffected
  Added: impact=moderate,public=20160619,reported=20170318,source=cve,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-122,fedora-all/erlang=affected,epel-6/erlang=affected,epel-7/erlang=affected,openstack-5/erlang=wontfix,openstack-6/erlang=wontfix,openstack-7/erlang=wontfix,openstack-8/erlang=wontfix,openstack-9/erlang=wontfix,openstack-10/erlang=wontfix,openstack-11/erlang=wontfix,rhscon-2/erlang=wontfix,openstack-12/erlang=notaffected