OSV-2021-585

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-585
Published
2021-03-31T00:00:26.273923Z
Modified
2022-04-13T03:04:42.321301Z
Summary
Heap-buffer-overflow in ebitmap_match_any
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675

Crash type: Heap-buffer-overflow READ 8
Crash state:
ebitmap_match_any
avtab_map
cil_check_neverallow
References

Affected packages

OSS-Fuzz / selinux

Package

Name
selinux
Purl
pkg:generic/selinux

Affected ranges

Type
GIT
Repo
https://github.com/SELinuxProject/selinux
Events

Affected versions

3.*
3.2
3.2-rc3
checkpolicy-3.*
checkpolicy-3.2
checkpolicy-3.2-rc3
libselinux-3.*
libselinux-3.2
libselinux-3.2-rc3
libsemanage-3.*
libsemanage-3.2
libsemanage-3.2-rc3
libsepol-3.*
libsepol-3.2
libsepol-3.2-rc3
mcstrans-3.*
mcstrans-3.2
mcstrans-3.2-rc3
policycoreutils-3.*
policycoreutils-3.2
policycoreutils-3.2-rc3
restorecond-3.*
restorecond-3.2
restorecond-3.2-rc3
secilc-3.*
secilc-3.2
secilc-3.2-rc3
selinux-dbus-3.*
selinux-dbus-3.2
selinux-dbus-3.2-rc3
selinux-gui-3.*
selinux-gui-3.2
selinux-gui-3.2-rc3
selinux-python-3.*
selinux-python-3.2
selinux-python-3.2-rc3
selinux-sandbox-3.*
selinux-sandbox-3.2
selinux-sandbox-3.2-rc3
semodule-utils-3.*
semodule-utils-3.2
semodule-utils-3.2-rc3

Ecosystem specific

{
    "fixed_range": "d1a34d3f1df5e90c9e01fcd9791c26db89064a7e:340f0eb7f3673e8aacaf0a96cbfcd4d12a405521",
    "severity": "MEDIUM"
}

Database specific

fixed_range
"d1a34d3f1df5e90c9e01fcd9791c26db89064a7e:bad0a746e9f4cf260dedba5828d9645d50176aac"
source
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml"