unrar-free: CVE-2017-14121: null pointer dereference

Related Vulnerabilities: CVE-2017-14121, CVE-2017-14122

Debian Bug report logs - #874061

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 2 Sep 2017 15:24:02 UTC

Severity: grave

Tags: security, upstream

Found in version unrar-free/1:0.0.1+cvs20140707-1

Fixed in version unrar-free/1:0.0.1+cvs20140707-4

Done: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ying-Chun Liu (PaulLiu) <paulliu@debian.org>:
Bug#874061; Package src:unrar-free. (Sat, 02 Sep 2017 15:24:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ying-Chun Liu (PaulLiu) <paulliu@debian.org>. (Sat, 02 Sep 2017 15:24:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unrar-free: null pointer dereference
Date: Sat, 02 Sep 2017 17:21:10 +0200
Source: unrar-free
Version: 1:0.0.1+cvs20140707-1
Severity: grave
Tags: security upstream

Hi

From http://www.openwall.com/lists/oss-security/2017/08/20/1


Issue 3: Null pointer

A malformed input file can cause a null pointer read.

==3328==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x00000051ed2c bp 0x000000278b18 sp 0x7fffc410e300 T0)
==3328==The signal is caused by a READ memory access.
==3328==Hint: address points to the zero page.
    #0 0x51ed2b in DecodeNumber /f/unrar-gpl/unrar/src/unrarlib.c:1649:16
    #1 0x5186f5 in Unpack /f/unrar-gpl/unrar/src/unrarlib.c:1148:4
    #2 0x511c47 in ExtrFile /f/unrar-gpl/unrar/src/unrarlib.c:799:10
    #3 0x510b02 in urarlib_get /f/unrar-gpl/unrar/src/unrarlib.c:303:13
    #4 0x50b249 in unrar_extract_file /f/unrar-gpl/unrar/src/unrar.c:343:8
    #5 0x50be32 in unrar_extract /f/unrar-gpl/unrar/src/unrar.c:483:9
    #6 0x50c69c in main /f/unrar-gpl/unrar/src/unrar.c:556:14
    #7 0x7f0a337df4f0 in __libc_start_main (/lib64/libc.so.6+0x204f0)
    #8 0x419e19 in _start (/r/unrar-gpl/unrar+0x419e19)

Regards,
Salvatore
[unrar-gpl-nullptr.rar (application/x-rar, attachment)]
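
As an added example (not part of the original report or of unrar-free), this Python helper parses the AddressSanitizer output quoted in the message above and extracts what a triager needs: access type, faulting address and crash site. The `triage` function, its field names and the 4 KiB page-size threshold are assumptions made for illustration.

```python
import re

# Excerpt of the AddressSanitizer report quoted in the bug report above.
ASAN_REPORT = """\
==3328==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x00000051ed2c bp 0x000000278b18 sp 0x7fffc410e300 T0)
==3328==The signal is caused by a READ memory access.
==3328==Hint: address points to the zero page.
    #0 0x51ed2b in DecodeNumber /f/unrar-gpl/unrar/src/unrarlib.c:1649:16
    #1 0x5186f5 in Unpack /f/unrar-gpl/unrar/src/unrarlib.c:1148:4
    #2 0x511c47 in ExtrFile /f/unrar-gpl/unrar/src/unrarlib.c:799:10
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-fA-F]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
# Symbolized frame: "#N 0xPC in function /path/file.c:line[:column]"
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+?):(\d+)(?::\d+)?$", re.M)

PAGE_SIZE = 0x1000  # assumption: 4 KiB pages, so lower addresses lie in the zero page


def triage(report):
    """Summarize an ASan SEGV report for first-pass crash triage."""
    header = HEADER.search(report)
    if header is None:
        raise ValueError("no AddressSanitizer SEGV header found")
    access = ACCESS.search(report)
    address = int(header.group(2), 16)
    frames = [(m.group(2), m.group(3), int(m.group(4))) for m in FRAME.finditer(report)]
    near_null = address < PAGE_SIZE
    return {
        "signal": header.group(1),
        "address": address,
        "access": access.group(1) if access else "UNKNOWN",
        "near_null": near_null,
        # A small non-zero address is consistent with reading a member at
        # that offset through a NULL base pointer.
        "field_offset": address if near_null else None,
        "crash_site": frames[0] if frames else None,
        "call_path": [name for name, _, _ in frames],
    }


if __name__ == "__main__":
    for key, value in triage(ASAN_REPORT).items():
        print(f"{key}: {value}")
```
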

Changed Bug title to 'unrar-free: CVE-2017-14121: null pointer dereference' from 'unrar-free: null pointer dereference'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 04 Sep 2017 04:18:03 GMT)


Information stored:
Bug#874061; Package src:unrar-free. (Sun, 15 Oct 2017 17:03:04 GMT)


Acknowledgement sent to "Ying-Chun Liu (PaulLiu)" <paulliu@debian.org>:
Extra info received and filed, but not forwarded. (Sun, 15 Oct 2017 17:03:05 GMT)


Message #12 received at 874061-quiet@bugs.debian.org:

From: "Ying-Chun Liu (PaulLiu)" <paulliu@debian.org>
To: 874061-quiet@bugs.debian.org
Subject: Re: unrar-free: CVE-2017-14121: null pointer dereference
Date: Mon, 16 Oct 2017 00:58:50 +0800
Hi,

I've fixed this bug. Please see the attachment. The patch and the
autopkgtest scripts.

Yours,
Paul

-- 
                                PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
[0003-CVE-2017-14121.patch (text/x-patch, attachment)]
[0004-CVE-2017-14121 (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Reply sent to Ying-Chun Liu (PaulLiu) <paulliu@debian.org>:
You have taken responsibility. (Sun, 15 Oct 2017 17:21:17 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 15 Oct 2017 17:21:17 GMT)


Message #17 received at 874061-close@bugs.debian.org:

From: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
To: 874061-close@bugs.debian.org
Subject: Bug#874061: fixed in unrar-free 1:0.0.1+cvs20140707-4
Date: Sun, 15 Oct 2017 17:20:20 +0000
Source: unrar-free
Source-Version: 1:0.0.1+cvs20140707-4

We believe that the bug you reported is fixed in the latest version of
unrar-free, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 874061@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ying-Chun Liu (PaulLiu) <paulliu@debian.org> (supplier of updated unrar-free package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Oct 2017 00:46:04 +0800
Source: unrar-free
Binary: unrar-free
Architecture: source amd64
Version: 1:0.0.1+cvs20140707-4
Distribution: unstable
Urgency: low
Maintainer: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Changed-By: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Description:
 unrar-free - Unarchiver for .rar files
Closes: 724295 874060 874061
Changes:
 unrar-free (1:0.0.1+cvs20140707-4) unstable; urgency=low
 .
   * Fix CVE-2017-14122 (Closes: #874060)
     - debian/patches/0002-CVE-2017-14122.patch
   * Add autopkgtest for testing CVE-2017-14122
   * Fix CVE-2017-14121 (Closes: #874061)
     - debian/patches/0003-CVE-2017-14121.patch
   * Add autopkgtest for testing CVE-2017-14121
   * Fix compatibility for -y option (Closes: #724295)
     - debian/patches/0004-unrar-nonfree-compat-ignored-options.patch
     - Thanks to Dominik George <nik@naturalnet.de>
   * Bump Standards-Version to 4.1.1: Nothing needs to be changed


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:42:06 2019; Machine Name: beach
