[Octave-bug-tracker] [bug #61053] Potential Integer Overflow vulnerabili
From: anonymous
Subject: [Octave-bug-tracker] [bug #61053] Potential Integer Overflow vulnerability in src/svm.cpp
Date: Tue, 17 Aug 2021 22:32:56 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
URL:
<https://savannah.gnu.org/bugs/?61053>
Summary: Potential Integer Overflow vulnerability in
src/svm.cpp
Project: GNU Octave
Submitted by: None
Submitted on: Wed 18 Aug 2021 02:32:54 AM UTC
Category: Octave Function
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: Incorrect Result
Status: None
Assigned to: None
Originator Name: SubinKim
Originator Email:
Open/Closed: Open
Release: other
Discussion Lock: Any
Operating System: GNU/Linux
_______________________________________________________
Details:
Hi, I found an integer overflow bug in the source code of octave-nan 3.4.5.
In src/svm.cpp,
77 #define Malloc(type,n) (type *)malloc((n)*sizeof(type))
2869 FSCANF(fp,"%d",&model->l);
2984 int l = model->l;
2988 model->sv_coef[i] = Malloc(double,l);
The program reads the value of l from an input file and calls malloc with l.
If a maliciously crafted input sets l so that l * 8 causes an integer
overflow, the allocation with the wrong value leads to buggy behavior like
denial of service.
Thank you.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?61053>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
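
Added example, not part of the original report or of the octave-nan source: the size arithmetic of the reported Malloc(type,n) pattern next to a checked form. The names unchecked_size32, checked_alloc, MallocChecked and parse_count, the 32-bit size_t model and the max_count bound are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Size arithmetic of the reported Malloc(type,n) pattern, modelled for a
 * 32-bit size_t so the wrap is visible on any build platform. */
static uint32_t unchecked_size32(int n, uint32_t elem_size)
{
    return (uint32_t)n * elem_size;          /* wraps modulo 2^32 */
}

/* Hypothetical checked allocator: NULL for a negative count or a product
 * that does not fit in size_t, otherwise a normal malloc. */
static void *checked_alloc(int n, size_t elem_size)
{
    if (n < 0 || elem_size == 0 || (size_t)n > SIZE_MAX / elem_size)
        return NULL;
    return malloc((size_t)n * elem_size);
}
#define MallocChecked(type, n) ((type *)checked_alloc((n), sizeof(type)))

/* Hypothetical replacement for the bare "%d" read: parse the count and
 * accept it only inside [0, max_count]. Returns 0 on success, -1 otherwise. */
static int parse_count(const char *text, int max_count, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(text, &end, 10);
    if (end == text || errno == ERANGE || v < 0 || v > max_count)
        return -1;
    *out = (int)v;
    return 0;
}

int main(void)
{
    /* Constructed field values, as they might appear in a crafted file. */
    const char *samples[] = { "3", "536870913", "-1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int l = 0;
        int n = (int)strtol(samples[i], NULL, 10);
        printf("l=%-10s unchecked 32-bit size=%-10u parse_count=%d\n",
               samples[i], (unsigned)unchecked_size32(n, 8),
               parse_count(samples[i], 1000000, &l));
    }
    return 0;
}
```

A negative l is the case that matters on 64-bit builds as well: converted to size_t it becomes a very large request, which the n < 0 check rejects before any multiplication.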