Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "libtre-dev", "binary_version": "0.8.0-3+deb7u1ubuntu1" }, { "binary_name": "libtre5", "binary_version": "0.8.0-3+deb7u1ubuntu1" }, { "binary_name": "libtre5-dbgsym", "binary_version": "0.8.0-3+deb7u1ubuntu1" }, { "binary_name": "tre-agrep", "binary_version": "0.8.0-3+deb7u1ubuntu1" }, { "binary_name": "tre-agrep-dbgsym", "binary_version": "0.8.0-3+deb7u1ubuntu1" } ] }
{ "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "musl", "binary_version": "0.9.15-1ubuntu0.1~esm1" }, { "binary_name": "musl-dev", "binary_version": "0.9.15-1ubuntu0.1~esm1" }, { "binary_name": "musl-tools", "binary_version": "0.9.15-1ubuntu0.1~esm1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "libtre-dev", "binary_version": "0.8.0-4+deb8u1build0.16.04.1" }, { "binary_name": "libtre5", "binary_version": "0.8.0-4+deb8u1build0.16.04.1" }, { "binary_name": "libtre5-dbgsym", "binary_version": "0.8.0-4+deb8u1build0.16.04.1" }, { "binary_name": "tre-agrep", "binary_version": "0.8.0-4+deb8u1build0.16.04.1" }, { "binary_name": "tre-agrep-dbgsym", "binary_version": "0.8.0-4+deb8u1build0.16.04.1" } ] }
{ "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "musl", "binary_version": "1.1.9-1ubuntu0.1~esm2" }, { "binary_name": "musl-dev", "binary_version": "1.1.9-1ubuntu0.1~esm2" }, { "binary_name": "musl-tools", "binary_version": "1.1.9-1ubuntu0.1~esm2" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "libtre-dev", "binary_version": "0.8.0-6" }, { "binary_name": "libtre5", "binary_version": "0.8.0-6" }, { "binary_name": "libtre5-dbgsym", "binary_version": "0.8.0-6" }, { "binary_name": "tre-agrep", "binary_version": "0.8.0-6" }, { "binary_name": "tre-agrep-dbgsym", "binary_version": "0.8.0-6" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "libtre-dev", "binary_version": "0.8.0-6" }, { "binary_name": "libtre5", "binary_version": "0.8.0-6" }, { "binary_name": "libtre5-dbgsym", "binary_version": "0.8.0-6" }, { "binary_name": "tre-agrep", "binary_version": "0.8.0-6" }, { "binary_name": "tre-agrep-dbgsym", "binary_version": "0.8.0-6" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "libtre-dev", "binary_version": "0.8.0-6" }, { "binary_name": "libtre5", "binary_version": "0.8.0-6" }, { "binary_name": "libtre5-dbgsym", "binary_version": "0.8.0-6" }, { "binary_name": "tre-agrep", "binary_version": "0.8.0-6" }, { "binary_name": "tre-agrep-dbgsym", "binary_version": "0.8.0-6" } ] }