OSV-2021-536

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-536

Published

2021-03-19T00:01:12.719776Z

Modified

2022-04-13T03:04:42.350659Z

Summary

Heap-use-after-free in cil_reset_classpermission

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177

Crash type: Heap-use-after-free READ 8
Crash state:
cil_reset_classpermission
cil_reset_classperms_set
cil_reset_classperms_list

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177

Affected packages

OSS-Fuzz / selinux

Package

Name: selinux
Purl: pkg:generic/selinux

Affected ranges

Type: GIT
Repo: https://github.com/SELinuxProject/selinux
Events: Introduced

0451adebdf153eee1f69914141311114a0130982

Fixed

c49a8ea09501ad66e799ea41b8154b6770fec2c8

Affected versions

3.*

3.2

3.2-rc3

checkpolicy-3.*

checkpolicy-3.2

checkpolicy-3.2-rc3

libselinux-3.*

libselinux-3.2

libselinux-3.2-rc3

libsemanage-3.*

libsemanage-3.2

libsemanage-3.2-rc3

libsepol-3.*

libsepol-3.2

libsepol-3.2-rc3

mcstrans-3.*

mcstrans-3.2

mcstrans-3.2-rc3

policycoreutils-3.*

policycoreutils-3.2

policycoreutils-3.2-rc3

restorecond-3.*

restorecond-3.2

restorecond-3.2-rc3

secilc-3.*

secilc-3.2

secilc-3.2-rc3

selinux-dbus-3.*

selinux-dbus-3.2

selinux-dbus-3.2-rc3

selinux-gui-3.*

selinux-gui-3.2

selinux-gui-3.2-rc3

selinux-python-3.*

selinux-python-3.2

selinux-python-3.2-rc3

selinux-sandbox-3.*

selinux-sandbox-3.2

selinux-sandbox-3.2-rc3

semodule-utils-3.*

semodule-utils-3.2

semodule-utils-3.2-rc3

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml"