This repository has been archived by the owner on Apr 20, 2023. It is now read-only.

Is one-off in pe_utils_str_widechar2ascii() a security issue? #34

Open
petterreinholdtsen opened this issue May 1, 2021 · 9 comments

Comments

@petterreinholdtsen

Dear developer. The fix in 5737a97 was just brought to my attention, and it made me wonder if the issue can cause a security issue with specially created PE binaries. Is the fix security related, and if so, is there a CVE assigned to the issue?

@petterreinholdtsen
Author

https://bugs.debian.org/987959 is the background for my question.

@merces
Owner

merces commented May 17, 2021

Hi @petterreinholdtsen. This looks like a security issue, you're right. However, we haven't assigned any CVE to it. @jweyrich do you have more details here since you were the one fixing the bug?

@jweyrich
Collaborator

jweyrich commented May 18, 2021

No security issue was reported for this case. At least not that I'm aware of. But yes, theoretically, a malformed binary could cause arbitrary code execution - I didn't try it though. IIRC, we detected the issue during one of our Discord sessions.

@petterreinholdtsen
Author

Should a CVE be requested for this issue?

@merces
Owner

merces commented Dec 21, 2021

I'd be fine with that, yes. Should we work on it ourselves or you do it, @petterreinholdtsen?

Thanks.

@petterreinholdtsen
Author

petterreinholdtsen commented Dec 21, 2021 via email

@carnil

carnil commented Dec 22, 2021

[Fernando Mercês]
I'd be fine with that, yes. Should we work on it ourselves or you do it, @petterreinholdtsen?
I do not have any source of CVEs myself, my approach would be to talk to the Debian security team to ask for their help, as I am involved in Debian. No idea if that is a better option than your ideas. I suspect it is better that you, who know the source and issue, do it.

-- Happy hacking Petter Reinholdtsen

If a CVE is warranted for the issue, please do request a CVE directly via https://cveform.mitre.org.

@merces
Owner

merces commented Jan 28, 2022

Hi @carnil, thanks for pointing that out. ;)

Hi @petterreinholdtsen, we're now in the process of finding someone to take over this project alongside pev, because we don't have the time to work on them anymore. I truly appreciate your understanding as I didn't want to see pev being kicked out from Debian repos. I hope to find a new maintainer that will take care of this and other issues.

Thanks,
Fernando

@petterreinholdtsen
Author

petterreinholdtsen commented Jan 28, 2022 via email
