ID ZSL-2018-5470
Type zeroscience
Reporter Gjoko Krstic
Modified 2018-05-29T00:00:00
Description
Title: GNU Barcode 0.99 Buffer Overflow
Advisory ID: ZSL-2018-5470
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 29.05.2018
Summary
GNU Barcode is a tool to convert text strings to printed bars. It supports a variety of standard codes to represent the textual strings and creates PostScript output.
Description
The vulnerability is caused by a boundary error in the processing of an input file, which can be exploited to cause a buffer overflow when a user processes, e.g., a specially crafted file. Successful exploitation could allow execution of arbitrary code on the affected machine.
Vendor
The GNU Project - <https://www.gnu.org/software/barcode/>
Free Software Foundation, Inc. - <https://directory.fsf.org/wiki/Barcode>
Affected Version
0.99
Tested On
Ubuntu 16.04.4
Vendor Status
[09.12.2017] Vulnerability discovered.
[14.05.2018] Vendor contacted.
[28.05.2018] No response from the vendor.
[29.05.2018] Public security advisory released.
PoC
gnubarcode_bof.txt
gnubarcode_crashes.tar
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] <https://www.exploit-db.com/exploits/44797/>
[2] <https://cxsecurity.com/issue/WLB-2018050302>
[3] <https://packetstormsecurity.com/files/147979>
[4] <https://exchange.xforce.ibmcloud.com/vulnerabilities/144093>
Changelog
[29.05.2018] - Initial release
[13.06.2018] - Added references [2], [3] and [4]
Contact
Zero Science Lab
Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk
gnubarcode_bof.txt

=========================================================================
code93.c:
---------

165:         strcat(partial, codeset[code]);
166:         checksum_str[checksum_len++] = code;
167:
168:         /* Encode the second character */
169:         code = strchr(alphabet, shiftset2[(int)(text[i])]) - alphabet;
170:         strcat(partial, codeset[code]);
171:         checksum_str[checksum_len++] = code;

=========================================================================

lqwrm@metalgear:~/research/barcode-0.99$ ./barcode -i id:000034,sig:06,src:000000,op:havoc,rep:128

=================================================================
==11076==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000043bc02 at pc 0x00000042189a bp 0x7fff2f160c00 sp 0x7fff2f160bf0
READ of size 1 at 0x00000043bc02 thread T0
    #0 0x421899 in Barcode_93_encode /home/lqwrm/research/barcode-0.99/code93.c:169
    #1 0x409ac2 in Barcode_Encode_and_Print /home/lqwrm/research/barcode-0.99/library.c:234
    #2 0x402319 in main /home/lqwrm/research/barcode-0.99/main.c:564
    #3 0x7f9b8745282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #4 0x404708 in _start (/home/lqwrm/research/barcode-0.99/barcode+0x404708)

0x00000043bc02 is located 32 bytes to the right of global variable '*.LC6' defined in 'code93.c' (0x43bbe0) of size 2
  '*.LC6' is ascii string '1'
0x00000043bc02 is located 30 bytes to the left of global variable 'CSWTCH.16' defined in 'code93.c:146:5' (0x43bc20) of size 48
SUMMARY: AddressSanitizer: global-buffer-overflow /home/lqwrm/research/barcode-0.99/code93.c:169 Barcode_93_encode
==11076==ABORTING
"c4e10a83b9354d59ad407d546583fbf4", "key": "sourceData"}, {"hash": "8cdc434bfe47937b61b5842f9f82b1d2", "key": "modified"}, {"hash": "edc9dc06a2dd9f6e2238c411ac8a6db8", "key": "type"}, {"hash": "a8299526ca2c6a72518d6c5bf3ac0947", "key": "title"}], "history": [], "href": "http://zeroscience.mk/en/vulnerabilities/ZSL-2018-5470.php", "id": "ZSL-2018-5470", "lastseen": "2019-03-15T05:54:58", "modified": "2018-05-29T00:00:00", "objectVersion": "1.3", "published": "2018-05-29T00:00:00", "references": [], "reporter": "Gjoko Krstic", "sourceData": "<html><head><title>403 Nothing to see.</title>\n<link rel=\"Shortcut Icon\" href=\"favicon.ico\" type=\"image/x-icon\">\n<style type=\"text/css\">\n<!--\nbody {\n\tbackground-color: #000;\n}\nbody,td,th {\n\tfont-family: Verdana, Geneva, sans-serif;\n}\na:link {\n\tcolor: #008FEF;\n\ttext-decoration: none;\n}\na:visited {\n\tcolor: #008FEF;\n\ttext-decoration: none;\n}\na:hover {\n\ttext-decoration: underline;\n\tcolor: #666;\n}\na:active {\n\ttext-decoration: none;\n}\n-->\n</style>\n</head>\n<body bgcolor=black>\n<center>\n<font color=\"#7E88A3\" size=\"2\">\n<br /><br />\n<h1>403 Nothing to see.</h1>\n\nYou do not have the powah for this request /403.shtml<br /><br />\n<font size=\"2\"><a href=\"https://www.zeroscience.mk\">https://www.zeroscience.mk</a></font>\n</font></center>\n</body></html>", "sourceHref": "http://zeroscience.mk/en/vulnerabilities/../../codes/gnubarcode_bof.txt", "title": "GNU Barcode 0.99 Buffer Overflow", "type": "zeroscience", "viewCount": 512}, "differentElements": ["sourceData"], "edition": 5, "lastseen": "2019-03-15T05:54:58"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Title: GNU Barcode 0.99 Buffer Overflow \nAdvisory ID: [ZSL-2018-5470](<ZSL-2018-5470.php>) \nType: Local/Remote \nImpact: System Access, DoS \nRisk: (4/5) \nRelease Date: 29.05.2018 \n\n\n##### Summary\n\nGNU Barcode is a tool to convert text strings to printed 
bars. It supports a variety of standard codes to represent the textual strings and creates postscript output. \n\n##### Description\n\nThe vulnerability is caused due to a boundary error in the processing of an input file, which can be exploited to cause a buffer overflow when a user processes e.g. a specially crafted file. Successful exploitation could allow execution of arbitrary code on the affected machine. \n\n##### Vendor\n\nThe GNU Project - <https://www.gnu.org/software/barcode/> \nFree Software Foundation, Inc. - <https://directory.fsf.org/wiki/Barcode>\n\n##### Affected Version\n\n0.99 \n\n##### Tested On\n\nUbuntu 16.04.4 \n\n##### Vendor Status\n\n[09.12.2017] Vulnerability discovered. \n[14.05.2018] Vendor contacted. \n[28.05.2018] No response from the vendor. \n[29.05.2018] Public security advisory released. \n\n##### PoC\n\n[gnubarcode_bof.txt](<../../codes/gnubarcode_bof.txt>) \n[gnubarcode_crashes.tar](<../../codes/gnubarcode_crashes.tar>)\n\n##### Credits\n\nVulnerability discovered by Gjoko Krstic - <[gjoko@zeroscience.mk](<mailto:gjoko@zeroscience.mk>)>\n\n##### References\n\n[1] <https://www.exploit-db.com/exploits/44797/> \n[2] <https://cxsecurity.com/issue/WLB-2018050302> \n[3] <https://packetstormsecurity.com/files/147979> \n[4] <https://exchange.xforce.ibmcloud.com/vulnerabilities/144093>\n\n##### Changelog\n\n[29.05.2018] - Initial release \n[13.06.2018] - Added reference [2], [3] and [4] \n\n##### Contact\n\nZero Science Lab \n \nWeb: <http://www.zeroscience.mk> \ne-mail: [lab@zeroscience.mk](<mailto:lab@zeroscience.mk>)\n", "edition": 4, "enchantments": {"dependencies": {"modified": "2019-01-27T23:53:14", "references": [{"idList": ["OPENVAS:1361412562310107303"], "type": "openvas"}, {"idList": ["E-510", "E-564", "E-234"], "type": "dsquare"}]}, "score": {"modified": "2019-01-27T23:53:14", "value": 9.3, "vector": "NONE"}}, "hash": "581fd43b11bb79f8295f2438fb5372d0cb17b32a21b436e913ec6a5610cd6cfc", "hashmap": [{"hash": 
"c0f1c80b41d752feeb44eb576c63c7a6", "key": "sourceHref"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "65b9841e975b298f1cc686da2ba47411", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d5a9f6a52710c9da60e2db94e75ccaf4", "key": "sourceData"}, {"hash": "8cdc434bfe47937b61b5842f9f82b1d2", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "97c102c4d3d357f7349e7dba8a3d334f", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8ae079da90a361d7a0abdc807f4cd5a2", "key": "reporter"}, {"hash": "8cdc434bfe47937b61b5842f9f82b1d2", "key": "modified"}, {"hash": "edc9dc06a2dd9f6e2238c411ac8a6db8", "key": "type"}, {"hash": "a8299526ca2c6a72518d6c5bf3ac0947", "key": "title"}], "history": [], "href": "http://zeroscience.mk/en/vulnerabilities/ZSL-2018-5470.php", "id": "ZSL-2018-5470", "lastseen": "2019-01-27T23:53:14", "modified": "2018-05-29T00:00:00", "objectVersion": "1.3", "published": "2018-05-29T00:00:00", "references": [], "reporter": "Gjoko Krstic", "sourceData": "REQUEST LIMIT REACHED", "sourceHref": "http://zeroscience.mk/en/vulnerabilities/../../codes/gnubarcode_bof.txt", "title": "GNU Barcode 0.99 Buffer Overflow", "type": "zeroscience", "viewCount": 512}, "differentElements": ["sourceData"], "edition": 4, "lastseen": "2019-01-27T23:53:14"}], "edition": 12, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "65b9841e975b298f1cc686da2ba47411"}, {"key": "href", "hash": "97c102c4d3d357f7349e7dba8a3d334f"}, {"key": "modified", "hash": "8cdc434bfe47937b61b5842f9f82b1d2"}, {"key": "published", "hash": "8cdc434bfe47937b61b5842f9f82b1d2"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", 
"hash": "8ae079da90a361d7a0abdc807f4cd5a2"}, {"key": "sourceData", "hash": "c4e10a83b9354d59ad407d546583fbf4"}, {"key": "sourceHref", "hash": "c0f1c80b41d752feeb44eb576c63c7a6"}, {"key": "title", "hash": "a8299526ca2c6a72518d6c5bf3ac0947"}, {"key": "type", "hash": "edc9dc06a2dd9f6e2238c411ac8a6db8"}], "hash": "99a64f2b9996c11a09bd6dbd1bcf2e3af8ac371e721dc6bcc8fc3a13b0d49511", "viewCount": 515, "enchantments": {"dependencies": {"references": [{"type": "dsquare", "idList": ["E-564", "E-510", "E-514", "E-234"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:5470", "SECURITYVULNS:VULN:3288"]}], "modified": "2019-11-11T16:11:36"}, "score": {"value": 0.2, "vector": "NONE", "modified": "2019-11-11T16:11:36"}, "vulnersScore": 0.2}, "objectVersion": "1.3", "sourceHref": "http://zeroscience.mk/en/vulnerabilities/../../codes/gnubarcode_bof.txt", "sourceData": "<html><head><title>403 Nothing to see.</title>\n<link rel=\"Shortcut Icon\" href=\"favicon.ico\" type=\"image/x-icon\">\n<style type=\"text/css\">\n<!--\nbody {\n\tbackground-color: #000;\n}\nbody,td,th {\n\tfont-family: Verdana, Geneva, sans-serif;\n}\na:link {\n\tcolor: #008FEF;\n\ttext-decoration: none;\n}\na:visited {\n\tcolor: #008FEF;\n\ttext-decoration: none;\n}\na:hover {\n\ttext-decoration: underline;\n\tcolor: #666;\n}\na:active {\n\ttext-decoration: none;\n}\n-->\n</style>\n</head>\n<body bgcolor=black>\n<center>\n<font color=\"#7E88A3\" size=\"2\">\n<br /><br />\n<h1>403 Nothing to see.</h1>\n\nYou do not have the powah for this request /403.shtml<br /><br />\n<font size=\"2\"><a href=\"https://www.zeroscience.mk\">https://www.zeroscience.mk</a></font>\n</font></center>\n</body></html>", "scheme": null}