Bug 22958 (CVE-2018-8086) - REJECTED: Segmentation fault in basename (CVE-2018-8086)
Summary: REJECTED: Segmentation fault in basename (CVE-2018-8086)
Status: RESOLVED INVALID
Alias: CVE-2018-8086
Product: glibc
Classification: Unclassified
Component: string (show other bugs)
Version: 2.26
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-13 14:02 UTC by Florian Weimer
Modified: 2018-03-31 12:30 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Weimer 2018-03-13 14:02:36 UTC
We received a downstream bug report about an alleged crash in basename, complete with CVE assignment.  However, it looks like the fuzzing process was set up incorrectly and the function just ran off the page because the input string was not NUL-terminated:

  https://bugzilla.redhat.com/show_bug.cgi?id=1554538

This bug is just a notification/placeholder for tracking.
Comment 1 Florian Weimer 2018-03-13 15:59:29 UTC
CVE assignment was premature.  There is no bug.