Bug 717968 (CVE-2019-16707) - <app-text/hunspell-1.7.0-r2: Buffer overflow in SuggestMgr::leftcommonsubstring (CVE-2019-16707)
Status: RESOLVED FIXED
Alias: CVE-2019-16707
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/hunspell/hunspell/...
Whiteboard: C3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-18 00:12 UTC by GLSAMaker/CVETool Bot
Modified: 2020-07-18 00:04 UTC

See Also:
Package list:
=app-text/hunspell-1.7.0-r2
Runtime testing required: ---
nattka: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-18 00:12:31 UTC
CVE-2019-16707 (https://nvd.nist.gov/vuln/detail/CVE-2019-16707):
  Hunspell 1.7.0 has an invalid read operation in
  SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2020-04-19 18:01:43 UTC
See URL for the upstream fix. Could be worth backporting...
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-22 16:58:14 UTC
(In reply to Lars Wendler (Polynomial-C) from comment #1)
> See URL for the upstream fix. Could be worth backporting...

Hmmm... I was thinking this, but there is a comment now:
https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b#commitcomment-35927990

> this is an almost artificial test case. None of the Hunspell dictionaries uses COMPLEXPREFIXES (see here: https://github.com/wooorm/dictionaries), also the bad UTF-8 input word is likely filtered out by the applications with embedded Hunspell.

In theory, someone can use any dictionary with it. But most of them won't make this exploitable.
Comment 3 Larry the Git Cow gentoo-dev 2020-06-28 22:17:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e89ec853a42dd375ccc12057c9376e6786d44ba

commit 4e89ec853a42dd375ccc12057c9376e6786d44ba
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-06-19 03:50:19 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-28 22:16:56 +0000

    app-text/hunspell: Patch CVE-2019-16707
    
    Bug: https://bugs.gentoo.org/717968
    Package-Manager: Portage-2.3.101, Repoman-2.3.22
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16320
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 .../files/hunspell-1.7.0-CVE-2019-16707.patch      | 22 ++++++
 app-text/hunspell/hunspell-1.7.0-r2.ebuild         | 89 ++++++++++++++++++++++
 2 files changed, 111 insertions(+)
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2020-06-28 22:17:55 UTC
please call for stable when ready
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2020-07-06 07:28:20 UTC
ppc/ppc64 stable
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-09 00:25:19 UTC
arm64 stable
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-11 20:35:54 UTC
sparc stable
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-12 13:59:04 UTC
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-07-17 07:25:38 UTC
amd64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-07-17 07:46:41 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 11 Larry the Git Cow gentoo-dev 2020-07-18 00:00:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9066914211115527d8e649624a8a64cb37fd787

commit d9066914211115527d8e649624a8a64cb37fd787
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-17 21:14:14 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-17 23:59:51 +0000

    app-text/hunspell: security cleanup
    
    Bug: https://bugs.gentoo.org/717968
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 app-text/hunspell/hunspell-1.7.0-r1.ebuild | 88 ------------------------------
 1 file changed, 88 deletions(-)
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-18 00:04:44 UTC
Cleanup done, noglsa, closing.