e-m-b-a / emba

EMBA - The firmware security analyzer
https://www.securefirmware.de
GNU General Public License v3.0

fix zlib (unzip) version string #1164

Closed gluesmith2021 closed 1 month ago

gluesmith2021 commented 1 month ago

bug fix

Does not search for CVEs for zlib if it is detected with the unzip version string, because the leading space in the matched string is kept in the name:version replacement string.

In s09_firmware_base_version_check.txt

[+] Version information found  unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll in binary logs/firmware/patool_extraction/disk3/opt/navi/EBNavi/libBusinessLogic.so (-rwxrwxr-x root root) (license: Zlib) (static).
[+] Version information found  unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll in binary logs/firmware/patool_extraction/disk3/opt/navi/asia_navi/apnnavc (-rwxrwxr-x root root) (license: Zlib) (static).

In f20_vul_aggregator.txt

[-] WARNING: Broken version identifier found:  zlib:1.0.1

Then F20 does not proceed any further.

Now with the extra leading space removed, it correctly identifies zlib and finds CVEs:

[*] Vulnerability details for zlib / version 1.0.1 / source STAT:

    BIN NAME            :   BIN VERS    :   CVE ID            :  CVSS VALUE : EPSS :   SOURCE         :   EXPLOIT
    zlib                :   1.0.1       :   CVE-2018-25032    :   7.5       :  NA  :   STAT           :   No exploit available
    zlib                :   1.0.1       :   CVE-2002-0059     :   9.8       :  NA  :   STAT           :   No exploit available
    zlib                :   1.0.1       :   CVE-2022-37434    :   9.8       :  NA  :   STAT           :   No exploit available
    zlib                :   1.0.1       :   CVE-2023-6992     :   5.5       :  NA  :   STAT           :   No exploit available
    zlib                :   1.0.1       :   CVE-2023-45853    :   9.8       :  NA  :   STAT           :   No exploit available

[+] Found 5 CVEs and 0 exploits (including POC's) in zlib with version 1.0.1 (source STAT).

No
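The failure described in this pull request, reproduced as an added example (not EMBA's code and not part of the original comment). The two sed rules and the identifier check are hypothetical, modelled only on the log lines above, and the sample string is constructed from the S09 output.

```shell
#!/bin/sh
# Added example, not EMBA code. Rules and check are assumptions for illustration.

# Constructed sample: the matched version string, including its leading space.
MATCHED=' unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll'

# Hypothetical "before" rule: the pattern is unanchored, so anything in front
# of "unzip" (here one space) survives into the name:version output.
to_identifier_buggy() {
  printf '%s\n' "$1" |
    sed -E 's/unzip ([0-9])\.([0-9])([0-9]) Copyright.*/zlib:\1.\2.\3/'
}

# Hypothetical "after" rule: leading whitespace is consumed by the match.
to_identifier_fixed() {
  printf '%s\n' "$1" |
    sed -E 's/^[[:space:]]*unzip ([0-9])\.([0-9])([0-9]) Copyright.*/zlib:\1.\2.\3/'
}

# Hypothetical strict check: name:version with no whitespace anywhere.
# Returns 0 for a clean identifier, non-zero otherwise.
is_valid_identifier() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9_.+-]+:[0-9][A-Za-z0-9._+-]*$'
}

# Report one identifier the way an aggregator would have to decide on it:
# look it up, or skip it and silently lose the CVE results.
report() {
  if is_valid_identifier "$1"; then
    echo "lookup : '$1'"
  else
    echo "skipped: '$1' (broken version identifier, no CVE lookup)"
  fi
}

report "$(to_identifier_buggy "$MATCHED")"
report "$(to_identifier_fixed "$MATCHED")"
```

Running a check like `is_valid_identifier` over the output of every version rule against a sample string catches this class of silent false negative before a scan depends on it.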