Short Name | HTTP:LIBMSPACK-OFF-BY-ONE |
---|---|
Severity | Major |
Recommended | Yes |
Recommended Action | Drop |
Category | HTTP |
Keywords | Libmspack Project cabd_sys_read_block Off By One |
Release Date | 2019/01/22 |
Update Number | 3136 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in the Libmspack Project library. The vulnerability is due to improper handling of block alignment when processing blocks that use Quantum compression in the cabd_sys_read_block function. A remote attacker could exploit this vulnerability by enticing a target user to open a maliciously crafted CAB file with an application that uses the vulnerable library. Successful exploitation may result in arbitrary code execution under the security context of the user.

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.