Re: Found heap-buffer-overflow with grammar-based fuzzer

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Found heap-buffer-overflow with grammar-based fuzzer
From: Xmilia Hermit <xmilia.hermit@...>
Date: Thu, 16 Mar 2023 16:30:03 +0100

Alexander Chernoskutov:

Could someone please assess, is this bug exploitable from the securitypoint of view? Is it possible to potentially escape the interpreterand run arbitrary code (on a system with no memory protection), ormemory corruption is unpredictable?

This can likely be used to get arbitrary code execution with a preparedheap memory layout. However, when allowing untrusted code to load binaryLua chunks, they can get arbitrary code execution in other (easier) waystoo. Therefore, sandboxes that already disabled the loading of binaryLua chunks for security should not be affected.


Regards,
Xmilia

References:
- Found heap-buffer-overflow with grammar-based fuzzer, Betka, Maik
- Re: Found heap-buffer-overflow with grammar-based fuzzer, Roberto Ierusalimschy
- Re: Found heap-buffer-overflow with grammar-based fuzzer, Roberto Ierusalimschy
- RE: Found heap-buffer-overflow with grammar-based fuzzer, Betka, Maik
- Re: Found heap-buffer-overflow with grammar-based fuzzer, Roberto Ierusalimschy
- Re: Found heap-buffer-overflow with grammar-based fuzzer, Alexander Chernoskutov

Prev by Date: Re: Found heap-buffer-overflow with grammar-based fuzzer
Next by Date: RE: Entropy in the implementation of Lua
Previous by thread: Re: Found heap-buffer-overflow with grammar-based fuzzer
Next by thread: Re: Found heap-buffer-overflow with grammar-based fuzzer
Index(es):
- Date
- Thread