ReadyTalk / avian

[INACTIVE] Avian is a lightweight virtual machine and class library designed to provide a useful subset of Java's features, suitable for building self-contained applications.
https://readytalk.github.io/avian/
1.22k stars, 172 forks

Patch for multiple integer overflows (CVE-2020-17360) and silent return on negative length (CVE-2020-17361) #571

Closed polivar3 closed 4 years ago

polivar3 commented 4 years ago

This patch will fix the following security issues in arrayCopy:

- Two integer overflows resulting in out-of-bounds read/write (CVE-2020-17360).
- A silent return when negative lengths are provided. This could result in data being lost during the copy, with varying consequences depending on the subsequent use of the destination buffer (CVE-2020-17361).
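To make the two bug classes in the description concrete, here is an added illustration that is not Avian's code and not the patch from this PR. It shows a bounds check written in the overflow-prone form (`srcPos + length > srcLen` evaluated in wrapping 32-bit arithmetic, as Java `int` arithmetic behaves) next to a hardened check that rejects negative lengths first and compares `length` against the remaining room instead of against a sum. The function names, the `CopyStatus` type and the sample arrays are all hypothetical and constructed for this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Outcome of a copy request. A VM would throw
// ArrayIndexOutOfBoundsException instead of returning a status,
// but it must never silently return and skip the copy.
enum class CopyStatus { Ok, OutOfBounds };

// Wrapping 32-bit add, matching Java int semantics. Used only to show
// what a check written as "srcPos + length > srcLen" really evaluates.
static int32_t wrapAdd(int32_t a, int32_t b) {
  return static_cast<int32_t>(static_cast<uint32_t>(a) +
                              static_cast<uint32_t>(b));
}

// Overflow-prone check (illustration of the bug class, hypothetical code):
// with srcPos = 1 and length = INT32_MAX the sum wraps negative, the
// comparison passes, and a real copy would run past the array end.
// A negative length is also never rejected here.
bool naiveBoundsOk(int32_t srcLen, int32_t srcPos,
                   int32_t dstLen, int32_t dstPos, int32_t length) {
  if (srcPos < 0 || dstPos < 0) return false;
  if (wrapAdd(srcPos, length) > srcLen) return false;
  if (wrapAdd(dstPos, length) > dstLen) return false;
  return true;
}

// Hardened check: reject negatives, then require each offset to be within
// its array, then compare length against the remaining room. Once
// 0 <= srcPos <= srcLen holds, srcLen - srcPos cannot overflow.
bool safeBoundsOk(int32_t srcLen, int32_t srcPos,
                  int32_t dstLen, int32_t dstPos, int32_t length) {
  if (srcPos < 0 || dstPos < 0 || length < 0) return false;
  if (srcPos > srcLen || dstPos > dstLen) return false;
  if (length > srcLen - srcPos) return false;
  if (length > dstLen - dstPos) return false;
  return true;
}

// arrayCopy using the hardened check. Bad input is reported, not ignored.
CopyStatus arrayCopy(const std::vector<int32_t>& src, int32_t srcPos,
                     std::vector<int32_t>& dst, int32_t dstPos,
                     int32_t length) {
  if (!safeBoundsOk(static_cast<int32_t>(src.size()), srcPos,
                    static_cast<int32_t>(dst.size()), dstPos, length)) {
    return CopyStatus::OutOfBounds;
  }
  if (length > 0) {
    std::memmove(dst.data() + dstPos, src.data() + srcPos,
                 sizeof(int32_t) * static_cast<size_t>(length));
  }
  return CopyStatus::Ok;
}

// Exercises arrayCopy on constructed sample data. Returns true when the
// in-bounds copy lands where expected and both bad requests are rejected.
bool runDemo() {
  std::vector<int32_t> src{1, 2, 3, 4, 5, 6, 7, 8};  // constructed input
  std::vector<int32_t> dst(8, 0);
  if (arrayCopy(src, 2, dst, 3, 5) != CopyStatus::Ok) return false;
  if (dst[2] != 0 || dst[3] != 3 || dst[7] != 7) return false;
  // Wrapping offset+length: rejected by the hardened check.
  if (arrayCopy(src, 1, dst, 1, INT32_MAX) != CopyStatus::OutOfBounds) return false;
  // Negative length: rejected, not silently skipped.
  if (arrayCopy(src, 0, dst, 0, -1) != CopyStatus::OutOfBounds) return false;
  return true;
}

int main() {
  std::printf("naive check accepts wrapping request: %s\n",
              naiveBoundsOk(8, 1, 8, 1, INT32_MAX) ? "yes" : "no");
  std::printf("hardened arrayCopy demo passed: %s\n", runDemo() ? "yes" : "no");
  return runDemo() ? 0 : 1;
}
```

The order of the checks in `safeBoundsOk` is the point: checking `length < 0` and `srcPos <= srcLen` before forming `srcLen - srcPos` is what makes the subtraction safe, whereas any check that first adds an attacker-controlled `length` to an offset reintroduces the wrap.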

dicej commented 4 years ago

For the record, CI is failing because Travis is now using JDK 11, which Avian's build system has trouble with. Not sure how much work would be required to fix that. Not a blocker for this PR, anyway.

dicej commented 4 years ago

Thanks, @polivar3!

polivar3 commented 4 years ago

Thanks to you @dicej