Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2022-24130 crashes mlterm #35

Closed
ghost opened this issue Feb 1, 2022 · 1 comment
Closed

CVE-2022-24130 crashes mlterm #35

ghost opened this issue Feb 1, 2022 · 1 comment

Comments

@ghost
Copy link

ghost commented Feb 1, 2022
edited by ghost
Loading

As reported by @dankamongmen here: https://nvd.nist.gov/vuln/detail/CVE-2022-24130 , a large repeat count within a sixel sequence can cause a crash, either from buffer under/overflow or out of memory. I confirmed that on git head mlterm crashes.

https://www.openwall.com/lists/oss-security/2022/01/30/3 has a nice test script:

#!/bin/bash
printf "\ePq"
printf "#%hhu;2;%hhu;%hhu;%hhu" 0x41 100 100 100
printf "#%hhu!%u@" 0x41 0x7fffffff
printf "#%hhu!%u@" 0x41 0x7fffffff
printf "\e\\"

Some additional discussion with other terminals is here: https://gitlab.com/klamonte/jexer/-/issues/105
arakiken added a commit that referenced this issue Feb 3, 2022
@arakiken
* c_sixel.c: Fix segmentation fault when the repeat count in sixel
2ee22f5 
  sequence is over 512.
  (#35)
@arakiken
Copy link
Owner

arakiken commented Feb 3, 2022

Thanks very much.
I fixed.
2ee22f5

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Apr 4, 2023
@tsutsui
mlterm: update to 3.9.3.
77f07b2 
pkgsrc changes:
* make mlconfig.po installed properly (#66)
* remove local patches integrated into upstream

Upstream changes (noted in doc/en/ReleaseNote):

ver 3.9.3
* mlterm-wl supports xdg-decoration.
* Add --disable-compact-truecolor option to ./configure script.
* Add vte 0.68 API symbols to libvte compatible library.
* Add libvterm 0.2 API symbols to libvterm compatible library.
* Add --sdpr / simple_scrollbar_dpr option.
  (arakiken/mlterm#64)
* Set "COLORTERM=truecolor" environmental variable.
  (arakiken/mlterm#36)
* Update unicode property table (generated from UnicodeData.txt and
  EastAsianWidth.txt) to version 15.0.0.
* Support mosh-1.4.0.
* Merge patches:
  arakiken/mlterm#45.
  arakiken/mlterm#46.
  arakiken/mlterm#48.
  arakiken/mlterm#49.
  arakiken/mlterm#55. (Add --role / wm_role option)
  arakiken/mlterm#57.
  arakiken/mlterm#61.
  arakiken/mlterm#62.
  arakiken/mlterm#63.
* Bug fixes:
  Fix arakiken/mlterm#34.
  Fix arakiken/mlterm#35.
  Fix arakiken/mlterm#39.
  Fix arakiken/mlterm#44.
  Fix arakiken/mlterm#50.
  Fix arakiken/mlterm#51.
  Fix arakiken/mlterm#53.
  Fix https://twitter.com/isaki68k/status/1555895011991883783.
  Fix segfault in starting mlterm with --dyncomb and --otl.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@arakiken