Arch Linux: ASA-201602-7 Low Severity: Libbsd Denial of Service

The package libbsd before version 0.8.2-1 is vulnerable to denial of service due to a buffer overflow in the "fgetwln"-function.

Arch Linux Security Advisory ASA-201602-7
=========================================
Severity: Low
Date    : 2016-02-04
CVE-ID  : CVE-2016-2090
Package : libbsd
Type    : denial of service
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package libbsd before version 0.8.2-1 is vulnerable to denial of
service due to a buffer overflow in the "fgetwln"-function.

Resolution
=========
Upgrade to 0.8.2-1.

# pacman -Syu "libbsd>=0.8.2-1"

The problem has been fixed upstream in version 0.8.2.

Workaround
=========
None.

Description
==========
- CVE-2016-2090 (buffer overflow)
libbsd 0.8.1 and earlier contains a buffer overflow in the function
fgetwln(). An "if" checks if it is necessary to reallocate memory in the
target buffer. However this check is off by one, therefore an out of bounds
write happens.

Impact
=====
A local attacker might be able to crash the application.

References
=========
https://access.redhat.com/security/cve/CVE-2016-2090

https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html