Monthly Archives: February 2016

portage-utils: stack-based buffer overflow in qfile.c

Description: Portage-utils is small and fast portage helper tools written in C. I discovered that a crafted file is able to cause a stack-based buffer overflow. The complete ASan output: ~ # qfile -f qfile-OOB-crash.log ================================================================= ==12240==ERROR: AddressSanitizer: stack-buffer-overflow on … Continue reading

Posted in advisories, gentoo, security | 3 Comments

portage-utils: heap-based buffer overflow in qlop.c

Description: Portage-utils is small and fast portage helper tools written in C. I discovered that a crafted file is able to cause an heap-based buffer overflow. The complete ASan output: ~ # qlop -f $CRAFTED_FILE -s Mon Jan 25 11:38:31 … Continue reading

Posted in advisories, security | Leave a comment