Lucene search

Veracode Vulnerability DatabaseVERACODE:21077

HistoryAug 08, 2019 - 12:07 a.m.

Buffer Overflow

2019-08-0800:07:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

55.5%

JSON

blktrace (aka Block IO Tracing) is vulnerable to buffer overflow attacks. This exists in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file. This may leads to a application crash.

CPENameOperatorVersion
blktraceeq1.0.5__8.el7

CPE	Name	Operator	Version
	blktrace	eq	1.0.5__8.el7

References

git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7

www.securityfocus.com/bid/104142

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

access.redhat.com/errata/RHSA-2019:2162

access.redhat.com/security/updates/classification/#low

git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7

www.spinics.net/lists/linux-btrace/msg00847.html

0.002 Low

EPSS

Percentile

55.5%

JSON

Related for VERACODE:21077