CVE-2021-40647 In man2html 1.6g, reading a specific string from a file overwrites the size parameter in the top chunk of the heap, which causes segmentation abort if the heap size isn't aligned correctly.

This issue is fixed in version 2.29 of the library. An attacker can bypass ASLR and stack defenses in some circumstances by uploading a program to a webserver that writes to arbitrary addresses. This can lead to remote code execution. This issue was discovered by Robert Labary of the RedHat security team and reported to the upstream developers. It was fixed in version 1.6g of man2html . This issue was fixed in version 1.6f of man2html . This issue was fixed in version 1.6d of man2html . This issue was fixed in version 1.6c of man2html . This issue was fixed in version 1.6b of man2html . This issue was fixed in version 1.6a of man2html . This issue was fixed in version 1.6 of man2html . This issue was fixed in version 1.5 of man2html . This issue was fixed in version 1.4 of man2html . This issue was fixed in version 1.3 of man2html . This issue was fixed in version 1.2 of man2html . This issue was fixed in version 1.1 of man2html . This issue was fixed in version 1.0d of man2html . This issue was fixed in version 1.0c of man2html . This issue was fixed in version 1.0b of man2html . This issue was fixed in version 1.0a of man2html

Overview of the vulnerability

An attacker can bypass ASLR and stack defenses in some circumstances by uploading a program to a webserver that writes to arbitrary addresses. This can lead to remote code execution.

References https://www.redhat.com/security/data/cve/CVE-2021-40647

Why outsourcing SEO can be a good idea?
Outsourcing SEO provides a way for brands to identify key strategic goals and then leave the complex process of meeting those goals to industry experts.

Description

An attacker can bypass ASLR and stack defenses in some circumstances by uploading a program to a webserver that writes to arbitrary addresses. This can lead to remote code execution.

How to discover if you are vulnerable?

You can check the output of the following commands to see how many bytes are written to the stack:
"gcc -q --strict-as-needed -o a.out foo.c; ./a.out"
The stack pointer is at 0x7fffffff8d00 and is written to in the following locations:
0x00008d5: write 8 bytes with value 0x42424242
0x0000908: write 8 bytes with value 0x42424242
0x000090c: write 8 bytes with value 0x42424242
0x0000910: write 8 bytes with value 0x42424242

Timeline

Published on: 09/09/2022 18:15:00 UTC
Last modified on: 09/14/2022 19:52:00 UTC

References

• https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40647