Bug 671000 (CVE-2018-18751) - <sys-devel/gettext-0.19.8.1: double free in default_add_message in read-catalog.c (CVE-2018-18751)
Status: RESOLVED FIXED
Alias: CVE-2018-18751
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-11-12 13:26 UTC by Marvin Wolf
Modified: 2019-03-24 05:18 UTC

See Also:
Package list:
Runtime testing required: ---


Description Marvin Wolf 2018-11-12 13:26:32 UTC
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

PoC:

https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/doublefree 
https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/heapcorruption
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2019-03-24 05:18:11 UTC
Downgraded.

Patch diff:

http://launchpadlibrarian.net/396514581/gettext_0.19.8.1-8_0.19.8.1-8ubuntu0.1.diff.gz