Bug 803131 (CVE-2020-36428, CVE-2021-36977)

Summary:	<sci-libs/matio-1.5.22: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	sci
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B2 [glsa+]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2021-07-20 23:33:51 UTC

CVE-2020-36428 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421):

matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4).

CVE-2021-36977 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31265):

matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (called from H5MM_malloc and H5C_load_entry).



No references to a fix.

Comment 1 NATTkA bot gentoo-dev

2021-07-29 17:20:47 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:28:53 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 3 NATTkA bot gentoo-dev

2021-07-29 17:36:50 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:44:53 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 17:52:56 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 17:56:52 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 NATTkA bot gentoo-dev

2021-07-29 18:00:52 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 8 NATTkA bot gentoo-dev

2021-07-29 18:09:09 UTC

Package list is empty or all packages have requested keywords.

Comment 9 Larry the Git Cow gentoo-dev

2022-05-09 17:19:35 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=487b3fc529cfde6265e6c10ba0a2b1ea51f82a17

commit 487b3fc529cfde6265e6c10ba0a2b1ea51f82a17
Author:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
AuthorDate: 2022-05-09 17:00:50 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
CommitDate: 2022-05-09 17:19:28 +0000

    sci-libs/matio: drop 1.5.21
    
    Bug: https://bugs.gentoo.org/842258
    Bug: https://bugs.gentoo.org/803131
    Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>

 sci-libs/matio/Manifest            |  1 -
 sci-libs/matio/matio-1.5.21.ebuild | 46 --------------------------------------
 2 files changed, 47 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b978a17ecb4e1ccd62317d664e9af15fb3034f24

commit b978a17ecb4e1ccd62317d664e9af15fb3034f24
Author:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
AuthorDate: 2022-05-09 17:00:15 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
CommitDate: 2022-05-09 17:19:27 +0000

    sci-libs/matio: add 1.5.23
    
    Bug: https://bugs.gentoo.org/842258
    Bug: https://bugs.gentoo.org/803131
    Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>

 sci-libs/matio/Manifest            |  1 +
 sci-libs/matio/matio-1.5.23.ebuild | 46 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)

Comment 10 John Helmert III archtester

2022-05-10 16:08:46 UTC

(In reply to Larry the Git Cow from comment #9) 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=b978a17ecb4e1ccd62317d664e9af15fb3034f24
> 
> commit b978a17ecb4e1ccd62317d664e9af15fb3034f24
> Author:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
> AuthorDate: 2022-05-09 17:00:15 +0000
> Commit:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
> CommitDate: 2022-05-09 17:19:27 +0000
> 
>     sci-libs/matio: add 1.5.23
>     
>     Bug: https://bugs.gentoo.org/842258
>     Bug: https://bugs.gentoo.org/803131
>     Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
> 
>  sci-libs/matio/Manifest            |  1 +
>  sci-libs/matio/matio-1.5.23.ebuild | 46
> ++++++++++++++++++++++++++++++++++++++
>  2 files changed, 47 insertions(+)

Are these issues fixed in this release?

Comment 11 Hans de Graaff gentoo-dev

2023-10-15 09:41:11 UTC

Changes in 1.5.22 (25 March 2022)
* Fixed heap-based buffer overflows when reading (crafted) MAT file
  (CVE-2020-36428, CVE-2021-36977)

Comment 12 Larry the Git Cow gentoo-dev

2024-08-11 14:39:40 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=23426cc73fa2cb8d57029b4e6ff9275d0a0ef884

commit 23426cc73fa2cb8d57029b4e6ff9275d0a0ef884
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-11 14:39:15 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-11 14:39:32 +0000

    [ GLSA 202408-26 ] matio: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/803131
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-26.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)