mirror of git://sourceware.org/git/glibc.git
26 lines
1.3 KiB
Plaintext
26 lines
1.3 KiB
Plaintext
assert: Buffer overflow when printing assertion failure message
|
|
|
|
When the assert() function fails, it does not allocate enough space for the
|
|
assertion failure message string and size information, which may lead to a
|
|
buffer overflow if the message string size aligns to page size.
|
|
|
|
This bug can be triggered when an assertion in a program fails. The assertion
|
|
failure message is allocated to allow developers to see this failure in core
|
|
dumps and it typically includes, in addition to the invariant assertion
|
|
string and function name, the name of the program. If the name of the failing
|
|
program is user controlled, for example on a local system, this could allow an
|
|
attacker to control the assertion failure to trigger this buffer overflow.
|
|
|
|
The only viable vector for exploitation of this bug is local, if a setuid
|
|
program exists that has an existing bug that results in an assertion failure.
|
|
No such program has been discovered at the time of publishing this advisory,
|
|
but the presence of custom setuid programs, although strongly discouraged as a
|
|
security practice, cannot be discounted.
|
|
|
|
CVE-Id: CVE-2025-0395
|
|
Public-Date: 2025-01-22
|
|
Vulnerable-Commit: f8a3b5bf8fa1d0c43d2458e03cc109a04fdef194 (2.13-175)
|
|
Fix-Commit: 68ee0f704cb81e9ad0a78c644a83e1e9cd2ee578 (2.41)
|
|
Fix-Commit: 7d4b6bcae91f29d7b4daf15bab06b66cf1d2217c (2.40-66)
|
|
Reported-By: Qualys Security Advisory
|