
libtiff/REDTEAM-CVE-2017-17095 and REDTEAM-CVE-2018-18557: Unable to generate crash free constraint #168

Open
ChrisTimperley opened this issue Apr 26, 2023 · 6 comments
Assignees
Labels
analysis bug Something isn't working red-team

Comments

@ChrisTimperley
Collaborator

REDTEAM-CVE-2018-18557:

                [warning] Unknown Crash Reason: jbg_dec_init

                [error] unknown crash type: None
        Analysis Failed
        Unable to generate crash free constraint
        Runtime Error
        Error. Exiting...

REDTEAM-CVE-2017-17095:

                [warning] Unknown Crash Reason: jpeg_std_error

                [error] unknown crash type: None
        Analysis Failed
        Unable to generate crash free constraint
        Runtime Error
        Error. Exiting...
@rshariffdeen
Collaborator

CVE-2018-18557 fixed in 89b9217

@rshariffdeen
Collaborator

Fixed the reported issue of CVE-2017-17095 in 49c17d4

@ChrisTimperley
Collaborator Author

@rshariffdeen CVE-2017-17095 still fails on the latest commit:

                extracting instruction trace
                        [note] program did not crash
                        [note]: the program did not crash

Run time statistics:
-----------------------

        Startup: 0.000 minutes
        Build: 0 minutes
        Concrete Analysis: 0 minutes
        Concolic Analysis: 0 minutes
        Total Analysis: 0 minutes
        Localization: 0 minutes

CRepair finished successfully after 11.008 minutes 

FATAL ERROR: analysis failed: no localization file was produced
root@83fdcfeaa13d:/data/vulnloc/libtiff/REDTEAM-CVE-2017-17095# 

@rshariffdeen
Collaborator

The reported issue is fixed for REDTEAM-CVE-2017-17095, which was missing a link to the libjpeg library; this is fixed. However, the exploit trace includes the use of longjmp, which is not supported by KLEE, hence this bug cannot be reproduced using KLEE.

@ChrisTimperley
Collaborator Author

Any updates on REDTEAM-CVE-2018-18557?

@rshariffdeen
Collaborator

It was already fixed in 89b9217
I updated the analysis to generate fix constraints with call expressions in ae2eb5d; however, the linter is not parsing it. You will have to update the parser?
