openthread/ncp-uart-received-fuzzer: Stack-buffer-overflow in ot::Message::Write

2019-06-22T14:34:19

Description

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5734126906245120 Project: openthread Fuzzer: afl_openthread_ncp-uart-received-fuzzer Fuzz target binary: ncp-uart-received-fuzzer Job Type: afl_asan_openthread Platform Id: linux Crash Type: Stack-buffer-overflow READ {*} Crash Address: 0x7fce54ba9f32 Crash State: ot::Message::Write ot::Message::Append ot::AddressResolver::SendAddressQueryResponse Sanitizer: address (ASAN) Recommended Security Severity: Medium Regressed: https://oss-fuzz.com/revisions?job=afl_asan_openthread&range=201906180307:201906190240 Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5734126906245120 Issue filed automatically. See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for instructions to reproduce this bug locally. This bug is subject to a 90 day disclosure deadline. If 90 days elapse without an upstream patch, then the bug report will automatically become visible to the public.

Affected Software

CPE Name	Name	Version
	openthread	2018.09.26
	openthread	2018.06.19
	openthread	2017.07.16

{"id": "OSSFUZZ-15447", "type": "ossfuzz", "bulletinFamily": "software", "title": "openthread/ncp-uart-received-fuzzer: Stack-buffer-overflow in ot::Message::Write", "description": "Project:\nhttps://github.com/openthread/openthread.git\n\nDetailed report: https://oss-fuzz.com/testcase?key=5734126906245120\n\nProject: openthread\nFuzzer: afl_openthread_ncp-uart-received-fuzzer\nFuzz target binary: ncp-uart-received-fuzzer\nJob Type: afl_asan_openthread\nPlatform Id: linux\n\nCrash Type: Stack-buffer-overflow READ {*}\nCrash Address: 0x7fce54ba9f32\nCrash State:\n ot::Message::Write\n ot::Message::Append\n ot::AddressResolver::SendAddressQueryResponse\n \nSanitizer: address (ASAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=afl_asan_openthread&range=201906180307:201906190240\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5734126906245120\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for instructions to reproduce this bug locally.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.", "published": "2019-06-22T14:34:19", "modified": "2019-07-28T15:25:56", "cvss": {}, "href": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15447", "reporter": "Google", "references": [], "cvelist": [], "lastseen": "2020-04-04T15:28:09", "viewCount": 3, "enchantments": {"dependencies": {}, "score": {"value": -0.6, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "affected_software": {"major_version": [{"name": "openthread", "version": 2018}, {"name": "openthread", "version": 2018}, {"name": "openthread", "version": 2017}]}, "vulnersScore": -0.6}, "ossfuzz": {"issue": 15447, "status": "Verified", "project": "openthread", "ref": "https://oss-fuzz.com/revisions?job=afl_asan_openthread&range=201906260304:201906270311", "crashType": "Stack-buffer-overflow READ {*}", "revisions": ["ce8f1172a80a90de3ced8551038dd9baa68d4fe6:016b1b152327c27b2f46accd272b49da8a16ed9f"], "project_repos": ["https://github.com/openthread/openthread.git"], "tags": ["2019.11.13", "2018.09.26", "2018.06.19", "2017.07.16"]}, "affectedSoftware": [{"name": "openthread", "version": "2018.09.26", "operator": "eq"}, {"name": "openthread", "version": "2018.06.19", "operator": "eq"}, {"name": "openthread", "version": "2017.07.16", "operator": "eq"}], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645657571, "score": 1684000228, "affected_software_major_version": 1677286885, "epss": 1678893030}, "_internal": {"score_hash": "1c465a4b18db9f47cacb5c9dcd3bbc63"}}