Unrated severity · NVD Advisory · Published Dec 14, 2022 · Updated Apr 22, 2025

CVE-2022-44910

Description

Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Heap buffer overflow in Binbloom 2.0's read_pointer function allows denial of service via crafted input.

Vulnerability

A heap buffer overflow vulnerability exists in Binbloom 2.0 (and possibly earlier versions) within the read_pointer function at src/helpers.c:67 [1]. The function reads a 4-byte value from a heap-allocated buffer without proper bounds validation, leading to a read past the allocated region. This occurs during the compute_candidates and find_base_address routines when processing a malformed input file [1].
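The bounds check that this class of bug is missing, as an added example (not Binbloom's code and not taken from the advisory's reference). The function names, the 32-bit little-endian layout and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Binbloom's read_pointer: reads a 32-bit
 * little-endian value at `offset` only if all four bytes lie inside
 * the buffer. Returns 0 on success, -1 if the read would cross the end. */
int read_u32_checked(const uint8_t *buf, size_t len, size_t offset, uint32_t *out)
{
    /* Compare against len - 4 so that `offset + 4` can never wrap around. */
    if (buf == NULL || out == NULL || len < sizeof(uint32_t) ||
        offset > len - sizeof(uint32_t))
        return -1;
    *out = (uint32_t)buf[offset] | (uint32_t)buf[offset + 1] << 8 |
           (uint32_t)buf[offset + 2] << 16 | (uint32_t)buf[offset + 3] << 24;
    return 0;
}

/* Hypothetical scan loop: counts aligned words whose value falls in
 * [lo, hi). It ends at the first rejected read, so a trailing partial
 * word in a truncated or malformed file is never dereferenced. */
size_t count_pointers_in_range(const uint8_t *buf, size_t len, uint32_t lo, uint32_t hi)
{
    size_t hits = 0;
    uint32_t v;
    for (size_t off = 0; read_u32_checked(buf, len, off, &v) == 0; off += 4)
        if (v >= lo && v < hi)
            hits++;
    return hits;
}

int main(void)
{
    /* Constructed input: two full words followed by a 2-byte tail. */
    static const uint8_t sample[10] = {0x00, 0x10, 0x00, 0x08,
                                       0x44, 0x33, 0x22, 0x11, 0xAA, 0xBB};
    uint8_t *img = malloc(sizeof sample); /* heap buffer, as in the report */
    if (img == NULL)
        return 1;
    memcpy(img, sample, sizeof sample);
    printf("hits: %zu\n", count_pointers_in_range(img, sizeof sample, 0x08000000u, 0x08100000u));
    free(img);
    return 0;
}
```

Building this with `-fsanitize=address` and running it produces no report, because the 2-byte tail is rejected before any byte outside the allocation is touched.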

Exploitation

An attacker can exploit this vulnerability by providing a specially crafted binary file to Binbloom. No authentication or special privileges are required as the tool is typically run on user-supplied files. The overflow is triggered when read_pointer attempts to read at an address beyond the allocated heap buffer, resulting in an AddressSanitizer-detected heap buffer overflow [1]. The crash reproduced on the latest commit (b9aada98) confirms the issue is present in the current codebase [1].

Impact

Successful exploitation leads to a program crash, causing denial of service. The overflow is a read operation, so it may also result in disclosure of adjacent heap memory, potentially leaking sensitive data. The reference demonstrates only a crash, but memory corruption could occur in other scenarios [1].

Mitigation

As of the latest commit (b9aada98) and Binbloom 2.0, no official patch has been released [1]. Users should avoid processing untrusted input files with Binbloom until a fix is available. No other workaround is documented.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
