OSV-2021-421

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-421

Published

2021-02-20T00:00:20.081676Z

Modified

2022-04-13T03:04:42.358814Z

Summary

Heap-use-after-free in __cil_verify_classperms

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124

Crash type: Heap-use-after-free READ 8
Crash state:
__cil_verify_classperms
__verify_map_perm_classperms
hashtab_map

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124

Affected packages

OSS-Fuzz / selinux

Package

Name: selinux
Purl: pkg:generic/selinux

Affected ranges

Type: GIT
Repo: https://github.com/SELinuxProject/selinux
Events: Introduced

0451adebdf153eee1f69914141311114a0130982

Fixed

2d35fcc7e9e976a2346b1de20e54f8663e8a6cba

Affected versions

3.*

3.2

3.2-rc3

checkpolicy-3.*

checkpolicy-3.2

checkpolicy-3.2-rc3

libselinux-3.*

libselinux-3.2

libselinux-3.2-rc3

libsemanage-3.*

libsemanage-3.2

libsemanage-3.2-rc3

libsepol-3.*

libsepol-3.2

libsepol-3.2-rc3

mcstrans-3.*

mcstrans-3.2

mcstrans-3.2-rc3

policycoreutils-3.*

policycoreutils-3.2

policycoreutils-3.2-rc3

restorecond-3.*

restorecond-3.2

restorecond-3.2-rc3

secilc-3.*

secilc-3.2

secilc-3.2-rc3

selinux-dbus-3.*

selinux-dbus-3.2

selinux-dbus-3.2-rc3

selinux-gui-3.*

selinux-gui-3.2

selinux-gui-3.2-rc3

selinux-python-3.*

selinux-python-3.2

selinux-python-3.2-rc3

selinux-sandbox-3.*

selinux-sandbox-3.2

selinux-sandbox-3.2-rc3

semodule-utils-3.*

semodule-utils-3.2

semodule-utils-3.2-rc3

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml"