oss-sec mailing list archives

Two out of bounds reads in Zstandard / zstd

From: Hanno Böck <hanno () hboeck de>
Date: Sat, 24 Oct 2015 17:54:10 +0200

https://blog.fuzzing-project.org/26-Two-out-of-bounds-reads-in-Zstandard-zstd.html

Zstandard or short zstd is a new compression algorithm and tool
developed by Yann Collet. Fuzzing zstd with american fuzzy lop and
address sanitizer uncovered two out of bounds reads.


Heap out of bounds read in function ZSTD_copy8:

https://crashes.fuzzing-project.org/zstd-oob-heap-ZSTD_copy8
Input sample

https://github.com/Cyan4973/zstd/issues/49
Upstream bug report

https://github.com/Cyan4973/zstd/commit/fc60883d42f7f860d4573e34b466eca632d57966
Git commit / fix


Stack out of bounds read in function HUF_readStats:

https://crashes.fuzzing-project.org/zstd-oob-stack-HUF_readStats
Input sample

https://github.com/Cyan4973/zstd/issues/50
Upstream bug report

https://github.com/Cyan4973/zstd/commit/3e8fbabfa8b16fa605038c68c8fac7fe29f4c78a
Git commit / fix


https://github.com/Cyan4973/zstd/releases/tag/zstd-0.2.1
The new zstd version 0.2.1 fixes both issues.


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: _bin
Description: OpenPGP digital signature

Current thread:

Two out of bounds reads in Zstandard / zstd Hanno Böck (Oct 24)
- Re: Two out of bounds reads in Zstandard / zstd cve-assign (Oct 29)