Vulnerabilities in libgit2

Vivek and I discovered a couple of security bugs in the git index handling mechanism in libgit2 a year back. Two CVEs were assigned for the two issues discovered. CVE-2018-8098: integer overflow which causes an out-of-bounds read. CVE-2018-8099: double free caused by an incorrect return value. Following is the mail I originally sent out to the libgit2 maintainers to report the vulnerabilities.

Double-Free: In the read_entry() function, git_decode_varint() can be made to fail, returning varint_len as 0.
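The failure mode named above is worth seeing end to end: a varint decoder that signals trouble only through an out-parameter, and an entry reader that must check that signal and still free its allocations exactly once. The following is an added example, not libgit2's code and not the patch for either CVE. The decoder follows the varint scheme git uses (7 payload bits per byte, high bit means "more follows", plus one per continuation), with a `buflen` argument added here so a truncated input fails the same way an overflowing one does; the `struct entry` layout, the `read_entry()`/`entry_free()` ownership contract, and all sample inputs are assumptions constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* True when any of the top `bits` bits of a uintmax_t value are set. */
#define TOP_BITS_SET(x, bits) ((x) & (~(uintmax_t)0 << (sizeof(uintmax_t) * 8 - (bits))))

/* Varint decoder in git's style. Failure is reported ONLY via *varint_len == 0
 * (the return value 0 is also a legitimate decoded value), which is exactly the
 * signal a caller has to check. buflen is an addition for this example: running
 * out of input fails the same way instead of reading past the buffer. */
uintmax_t decode_varint(const unsigned char *buf, size_t buflen, size_t *varint_len)
{
    const unsigned char *p = buf, *end = buf + buflen;
    unsigned char c;
    uintmax_t val;

    if (buflen == 0) { *varint_len = 0; return 0; }
    c = *p++;
    val = c & 127;
    while (c & 128) {
        val += 1;
        if (!val || TOP_BITS_SET(val, 7) || p >= end) {
            *varint_len = 0;          /* overflow or truncated input */
            return 0;
        }
        c = *p++;
        val = (val << 7) + (c & 127);
    }
    *varint_len = (size_t)(p - buf);
    return val;
}

/* Hypothetical entry: varint "strip this much of the previous path", then a
 * NUL-terminated path suffix. */
struct entry { size_t strip_len; char *path; };

void entry_free(struct entry *e)
{
    if (e == NULL) return;
    free(e->path);
    free(e);
}

/* Ownership contract that rules out a double free: on success *out owns the
 * entry and the caller frees it; on failure nothing allocated here survives and
 * *out stays NULL, so a caller that always calls entry_free() is still safe. */
int read_entry(struct entry **out, const unsigned char *buf, size_t buflen, size_t *consumed)
{
    size_t varint_len = 0, path_len;
    const unsigned char *path, *nul;
    uintmax_t strip;
    struct entry *e;

    *out = NULL;
    strip = decode_varint(buf, buflen, &varint_len);
    if (varint_len == 0)
        return -1;                    /* the failure the report describes; nothing to free yet */
    path = buf + varint_len;
    nul = memchr(path, '\0', buflen - varint_len);
    if (nul == NULL)
        return -1;                    /* path not terminated inside the buffer */
    path_len = (size_t)(nul - path);

    e = calloc(1, sizeof *e);
    if (e == NULL) return -1;
    e->path = malloc(path_len + 1);
    if (e->path == NULL) { free(e); return -1; }   /* the only free on this path */
    memcpy(e->path, path, path_len + 1);
    e->strip_len = (size_t)strip;
    *out = e;
    *consumed = varint_len + path_len + 1;
    return 0;
}

/* Constructed inputs, not taken from any real index file. */
const unsigned char VARINT_128[]   = { 0x80, 0x00 };             /* 128 in two bytes */
const unsigned char VARINT_TRUNC[] = { 0x80 };                   /* continuation bit, no next byte */
const unsigned char ENTRY_GOOD[]   = { 0x02, 'a', 'b', '\0' };   /* strip 2, path "ab" */
const unsigned char ENTRY_BAD[]    = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 'x', '\0' };

/* Bytes the varint occupies, 0 when decoding fails. */
size_t varint_len_of(const unsigned char *buf, size_t buflen)
{
    size_t len = 0;
    (void)decode_varint(buf, buflen, &len);
    return len;
}

uintmax_t varint_value_of(const unsigned char *buf, size_t buflen)
{
    size_t len = 0;
    return decode_varint(buf, buflen, &len);
}

/* Parses one entry and returns its strip length, or -1 on failure. The
 * unconditional entry_free() is a no-op on the failure path. */
long parse_one(const unsigned char *buf, size_t buflen)
{
    struct entry *e = NULL;
    size_t consumed = 0;
    long result = -1;

    if (read_entry(&e, buf, buflen, &consumed) == 0)
        result = (long)e->strip_len;
    entry_free(e);
    return result;
}

int main(void)
{
    printf("good entry: strip=%ld\n", parse_one(ENTRY_GOOD, sizeof ENTRY_GOOD));
    printf("bad entry: strip=%ld, varint_len=%zu\n",
           parse_one(ENTRY_BAD, sizeof ENTRY_BAD), varint_len_of(ENTRY_BAD, sizeof ENTRY_BAD));
    return 0;
}
```

The ten 0xFF bytes in `ENTRY_BAD` push the accumulated value past the top-7-bit guard before the input runs out, so `varint_len` comes back as 0 while the return value is also 0; a caller that only inspects the return value, or that has already handed the partially built entry to a cleanup path, is the shape of bug the report describes. The fix pattern shown here is to make the out-parameter the single source of truth and to keep ownership on one side of the call boundary.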

DoS in Python’s marshal

I discovered a DoS issue in Python's marshal module. However, the Python community decided that this is not a (security) issue, as the marshal module's documentation already states that untrusted data is not supposed to be fed to it. So, here is a way to segfault the Python interpreter, if anyone needs a reliable way to do it. Last tested with Python 3.7.3 on Arch Linux on 16th July 2019.