Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
osslsigncode has an Out-of-Bounds Read via Unvalidated Section Bounds in PE Page Hash Calculation
Vulnerability Description
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When processing PE sections for page hashing, the function uses PointerToRawData and SizeOfRawData values from section headers without validating that the referenced region lies within the mapped file. An attacker can craft a PE file with section headers that point beyond the end of the file. When osslsigncode computes page hashes for such a file, it may attempt to hash data from an invalid memory region, causing an out-of-bounds read and potentially crashing the process. The vulnerability can be triggered while signing a malicious PE file with page hashing enabled (-ph), or while verifying a malicious signed PE file that already contains page hashes. Verification of an already signed file does not require the verifier to pass -ph. This vulnerability is fixed in 2.13.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
跨界内存读
Vulnerability Title
osslsigncode 缓冲区错误漏洞
Vulnerability Description
osslsigncode是Michał Trojnara个人开发者的一个小型工具。实现了 Microsoft 工具 signtool.exe 的部分功能。 osslsigncode 2.13之前版本存在缓冲区错误漏洞,该漏洞源于PE页面哈希计算代码中,处理PE节时使用未经验证的PointerToRawData和SizeOfRawData值,可能导致越界读取。
CVSS Information
N/A
Vulnerability Type
N/A