Bug 27969 - matio possible new security issue CVE-2019-20052
Summary: matio possible new security issue CVE-2019-20052
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal
Severity: major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard:
Keywords: feedback
Depends on:
Blocks:
 
Reported: 2020-12-29 08:17 CET by Zombie Ryushu
Modified: 2021-01-02 00:51 CET
CC List: 3 users

See Also:
Source RPM: matio-1.5.17-3.mga8.src.rpm
CVE: CVE-2019-20052
Status comment:



Description Zombie Ryushu 2020-12-29 08:17:05 CET
A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case.
Zombie Ryushu 2020-12-29 08:17:19 CET

CVE: (none) => CVE-2019-20052
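
What the rank==0 case means for an overflow-checked dimension product, as an added example (not code from this bug report or from matio): the struct, the function names and the check_rank switch are hypothetical, and the example assumes the caller seeds the element count with 1 before multiplying.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a parsed variable header; not matio's matvar_t. */
struct var_hdr {
    int     rank;   /* number of dimensions, taken from the file */
    size_t *dims;   /* rank entries; NULL when rank == 0 */
};

/* Overflow-checked product of the dimensions. Returns 0 on success and
 * 1 on overflow. With check_rank == 0 the loop never runs for rank 0,
 * so *nelems keeps the caller's seed value instead of becoming 0. */
static int mul_dims(const struct var_hdr *v, size_t *nelems, int check_rank)
{
    if (check_rank && v->rank <= 0) {
        *nelems = 0;            /* no dimensions means no elements */
        return 0;
    }
    for (int i = 0; i < v->rank; i++) {
        if (v->dims[i] != 0 && *nelems > SIZE_MAX / v->dims[i]) {
            *nelems = 0;
            return 1;
        }
        *nelems *= v->dims[i];
    }
    return 0;
}

/* Payload size a caller would allocate; SIZE_MAX signals overflow. */
size_t payload_bytes(const struct var_hdr *v, size_t elem_size, int check_rank)
{
    size_t nelems = 1;          /* assumed seed: multiplicative identity */
    if (mul_dims(v, &nelems, check_rank))
        return SIZE_MAX;
    if (nelems != 0 && elem_size > SIZE_MAX / nelems)
        return SIZE_MAX;
    return nelems * elem_size;
}

int main(void)
{
    struct var_hdr empty = { 0, NULL };   /* constructed input: rank 0 */
    printf("unchecked: %zu bytes, checked: %zu bytes\n",
           payload_bytes(&empty, 8, 0), payload_bytes(&empty, 8, 1));
    return 0;
}
```

Without the rank check, a header with no dimensions is sized as if it held one element; with it, the size is zero and the caller can skip allocation.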

Comment 1 David Walser 2020-12-29 17:08:25 CET
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20052

Fix is here:
https://github.com/tbeu/matio/commit/a47b7cd3aca70e9a0bddf8146eb4ab0cbd19c2c3

It's not clear what versions (if any) are actually affected.

Assignee: bugsquad => geiger.david68210
Summary: matio security flaw CVE-2019-20052 => matio possible new security issue CVE-2019-20052
CC: (none) => nicolas.salguero
Status comment: (none) => Patch available from upstream
Whiteboard: (none) => MGA7TOO
Severity: normal => major

Comment 2 Nicolas Lécureuil 2020-12-30 20:08:20 CET
Fixed in cauldron.

Package pushed in mga7:

src:
    matio-1.5.16-1.2.mga7

Assignee: geiger.david68210 => qa-bugs
CC: (none) => mageia
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

Comment 3 David Walser 2020-12-30 23:58:24 CET
Advisory:
========================

Updated matio packages fix security vulnerability:

A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because
SafeMulDims does not consider the rank==0 case (CVE-2019-20052).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20052
========================

Updated packages in core/updates_testing:
========================
matio-1.5.16-1.2.mga7
libmatio9-1.5.16-1.2.mga7
libmatio-devel-1.5.16-1.2.mga7

from matio-1.5.16-1.2.mga7.src.rpm

Status comment: Patch available from upstream => (none)

Comment 4 Len Lawrence 2021-01-01 19:00:53 CET
mga7, x86_64

CVE-2019-20052
https://github.com/tbeu/matio/issues/131
$ matdump 006-memleak 
InflateRankDims: inflate returned data error
InflateVarNameTag: inflate returned data error
Empty
InflateRankDims: Reading dimensions expected type MAT_T_INT32
InflateRankDims: Reading dimensions expected type MAT_T_INT32
      Name: 
      Rank: 0
InflateRankDims: inflate returned data error
Segmentation fault (core dumped)

Updated packages.
$ rpm -q matio
matio-1.5.16-1.2.mga7

$ matdump 006-memleak 
InflateRankDims: inflate returned data error
InflateVarNameTag: inflate returned data error
Empty
InflateRankDims: Reading dimensions expected type MAT_T_INT32
      Name: 
      Rank: 0
InflateRankDims: inflate returned data error
Segmentation fault (core dumped)

There is only a minor difference which gives the impression that the patch does not work.  Upstream had difficulty verifying the fix or even the issue.

So, what do we do in a case like this - just carry on regardless?
I probably shall anyway.

CC: (none) => tarazed25

Comment 5 David Walser 2021-01-01 20:31:18 CET
Someone needs to tell upstream that it's not fixed.

Whiteboard: (none) => feedback

Len Lawrence 2021-01-02 00:51:12 CET

Whiteboard: feedback => (none)
Keywords: (none) => feedback

