** Description changed:
Hi,
I have found a security issue on whoopsie 0.2.69 and earlier.
- ## Vulnerability in whoopsie
- - It was discovered that whoopsie incorrectly handled certain malformed crash
files. If a user using whoopsie were tricked into parsing and uploading a
specially c
Exploitation of this issue causes excessive memory consumption which results in
the Linux kernel triggering OOM killer on arbitrary process.
This results in the process being terminated by the OOM killer.
Please check the following PoC: whoopsie_killer.py
** Attachment removed: "memory leak poc"
I am utilizing the 8GB of RAM and pre-compiled version of Ubuntu 18.04.
Could you tell me how much RAM you have in that machine?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.ne
** Description changed:
Hi,
I have found a security issue on whoopsie 0.2.69 and earlier.
## Vulnerability in whoopsie
- - whoopsie 0.2.69 and earlier have a memory leak vulnerability.
- - An attacker can cause a denial of service (application crash) via a crafted
.crash file.
+ - It
** Summary changed:
- Memory leak in parse_report()
+ memory exhaustion in parse_report()
--
https://bugs.launchpad.net/bugs/1881982
Title:
memory exhaustion
This vulnerability may cause a memory exhaustion vulnerability in the
function parse_report() in whoopsie.c, which allows attackers to cause a
denial of service.
--
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1881982
Title:
Memory leak in parse_report()
Status i
** Also affects: apport
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1876659
Title:
Unhandled exception in run_hang()
Status
** Also affects: apport
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/1877023
Title:
Unhandled exception in check_ignored()
St
** Project changed: apport => apport (Ubuntu)
--
https://bugs.launchpad.net/bugs/1877023
Title:
Unhandled exception in check_ignored()
Status in apport package
Sure. This issue is also reproducible with the pre-compiled version of
0.2.62ubuntu0.4.
--
https://bugs.launchpad.net/bugs/1872560
Title:
integer overflow in whoo
Thank you for your reply.
Please check the following video.
https://youtu.be/pGfOzcgd5CU
It also affects whoopsie 0.2.69.
Thanks.
--
https://bugs.launchpad
Public bug reported:
## Description
When we start apport-cli without PID, an unhandled exception in apport 2.20.11
and earlier may allow an authenticated user to potentially enable a denial of
service via local access.
The following command may cause an application crash due to an unhandled
exc
** Summary changed:
- heap-based buffer overflow in bson.c
+ integer overflow in whoopsie 0.2.69
--
https://bugs.launchpad.net/bugs/1872560
Title:
integer ov
I would like to update the contents of 'Attack Scenario'.
from:
$ python -c "print('A' * 0x + ' : ' + 'B')" > /var/crash/fake.crash
to:
$ python -c "print('A' * 0xFFFE + ' : ' + 'B')" > /var/crash/fake.crash
Segfault can arise when the following requirements are met, as I mentioned
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1872560
Title:
heap-based buffer overflow in bson.c
S
”,
IEEE Trans on Pattern Analysis and Machine Intelligence, vol.33, no.2,
pp.209-223, 2011.
Sincerely,
Seong-Joong Kim
To manage notifications about this bug go to:
https://bugs.launchpad.net/fprintd/+bug/1822590/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to