CVE-2022-40320 cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
This issue could result in denial of service or potentially arbitrary code execution. This issue has been assigned the CVE identifier CVE-2018-1499. LibConfuse is a debugging utility for Confuse, the distributed configuration management system. LibConfuse is used to dump the contents of variables and configuration files for debugging purposes. This application has been updated to fix a critical bug in the libConfuse library. In libConfuse 3.3, there is a heap-based buffer over-read in the function cf_cfg_tilde_expand in confuse.c. When parsing a configuration file containing quotes, libConfuse will call cf_cfg_tilde_expand. Unfortunately, the cf_cfg_tilde_expand function does not verify the length of the input string. Assuming that cf_cfg_tilde_expand does not receive a length of zero, this will cause a buffer over-read and potentially cause denial of service. This has been fixed in libConfuse 3.4.
LibConfuse 3.4
Release Notes
This release fixes the vulnerability CVE-2018-1499 in LibConfuse. This issue could result in denial of service or potentially arbitrary code execution.
Overview
- CVE-2018-1499: LibConfuse is a debugging utility for Confuse, the distributed configuration management system. LibConfuse is used to dump the contents of variables and configuration files for debugging purposes. This application has been updated to fix a critical bug in the libConfuse library. In libConfuse 3.3, there is a heap-based buffer over-read in the function cf_cfg_tilde_expand in confuse.c. When parsing a configuration file containing quotes, libConfuse will call cf_cfg_tilde_expand. Unfortunately, the cf_cfg_tilde_expand function does not verify the length of the input string. Assuming that cf_cfg_tilde_expand does not receive a length of zero, this will cause a buffer over-read and potentially cause denial of service. This has been fixed in libConfuse 3.4 as well as all versions prior to 3.3.
LibConfuse Library 3.3
CVE-2018-1499
Summary
In libConfuse 3.3, there is a heap-based buffer over-read in the function cf_cfg_tilde_expand in confuse.c. When parsing a configuration file containing quotes, libConfuse will call cf_cfg_tilde_expand. Unfortunately, the cf_cfg_tilde_expand function does not verify the length of the input string. Assuming that cf_cfg_tilde_expand does not receive a length of zero, this will cause a buffer over-read and potentially cause denial of service. This has been fixed in libConfuse 3.4.
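The bug class described above, shown as an added example that is not libConfuse's code: a `~user/path` expansion that sizes and terminates the heap copy of the user name explicitly before passing it to a lookup. `expand_tilde`, `dup_str` and `demo_home` are hypothetical names, and the lookup callback is a constructed stand-in for a passwd query so the sample runs offline.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a passwd lookup so the example runs offline. */
static const char *demo_home(const char *user)
{
    return strcmp(user, "alice") == 0 ? "/home/alice" : NULL;
}

/* Heap copy of s (hypothetical helper). */
static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Expand "~user/rest" via lookup(); hypothetical, not libConfuse's function.
 * Returns a malloc'd string; input is copied unchanged if nothing applies. */
char *expand_tilde(const char *name, const char *(*lookup)(const char *))
{
    if (name == NULL)
        return NULL;
    if (name[0] != '~' || name[1] == '\0' || name[1] == '/')
        return dup_str(name);          /* plain path, "~" or "~/x" */

    const char *start = name + 1;
    const char *end = strchr(start, '/');
    if (end == NULL)
        end = start + strlen(start);   /* "~user" with no path part */

    size_t ulen = (size_t)(end - start);
    char *user = malloc(ulen + 1);     /* +1 leaves room for the terminator */
    if (user == NULL)
        return NULL;
    memcpy(user, start, ulen);
    user[ulen] = '\0';                 /* unterminated, lookup() would over-read */

    const char *home = lookup(user);
    free(user);
    if (home == NULL)
        return dup_str(name);          /* unknown user: leave unchanged */

    size_t hlen = strlen(home), rlen = strlen(end);
    char *out = malloc(hlen + rlen + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, home, hlen);
    memcpy(out + hlen, end, rlen + 1); /* includes the trailing NUL */
    return out;
}
```

Building a caller of this function with `-fsanitize=address` is a quick regression check: any read past `user` would be reported at the lookup call.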
Updated LibConfuse to 3.4
Timeline
Published on: 09/09/2022 21:15:00 UTC
Last modified on: 09/21/2022 03:15:00 UTC
References
- https://github.com/libconfuse/libconfuse/issues/163
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EDUT2V62V2XF2IT5TJFPB6P3EQ6X5VLL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJKHAPJ6AUWVP4HDGKH4M5A2XXWQI73O/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BSAZK4KAWRWNAFUBBXOYU3PVNH3X7226/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40320