OSV-2021-585

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-585

Published

2021-03-31T00:00:26.273923Z

Modified

2022-04-13T03:04:42.321301Z

Summary

Heap-buffer-overflow in ebitmap_match_any

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675

Crash type: Heap-buffer-overflow READ 8
Crash state:
ebitmap_match_any
avtab_map
cil_check_neverallow

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675

Affected packages

OSS-Fuzz / selinux

Package

Name: selinux
Purl: pkg:generic/selinux

Affected ranges

Type: GIT
Repo: https://github.com/SELinuxProject/selinux
Events: Introduced

0451adebdf153eee1f69914141311114a0130982

Fixed

340f0eb7f3673e8aacaf0a96cbfcd4d12a405521

Fixed

bad0a746e9f4cf260dedba5828d9645d50176aac

Affected versions

3.*

3.2

3.2-rc3

checkpolicy-3.*

checkpolicy-3.2

checkpolicy-3.2-rc3

libselinux-3.*

libselinux-3.2

libselinux-3.2-rc3

libsemanage-3.*

libsemanage-3.2

libsemanage-3.2-rc3

libsepol-3.*

libsepol-3.2

libsepol-3.2-rc3

mcstrans-3.*

mcstrans-3.2

mcstrans-3.2-rc3

policycoreutils-3.*

policycoreutils-3.2

policycoreutils-3.2-rc3

restorecond-3.*

restorecond-3.2

restorecond-3.2-rc3

secilc-3.*

secilc-3.2

secilc-3.2-rc3

selinux-dbus-3.*

selinux-dbus-3.2

selinux-dbus-3.2-rc3

selinux-gui-3.*

selinux-gui-3.2

selinux-gui-3.2-rc3

selinux-python-3.*

selinux-python-3.2

selinux-python-3.2-rc3

selinux-sandbox-3.*

selinux-sandbox-3.2

selinux-sandbox-3.2-rc3

semodule-utils-3.*

semodule-utils-3.2

semodule-utils-3.2-rc3

Ecosystem specific

{
    "severity": "MEDIUM",
    "fixed_range": "d1a34d3f1df5e90c9e01fcd9791c26db89064a7e:340f0eb7f3673e8aacaf0a96cbfcd4d12a405521"
}

Database specific

{
    "fixed_range": "d1a34d3f1df5e90c9e01fcd9791c26db89064a7e:bad0a746e9f4cf260dedba5828d9645d50176aac"
}