Generation of Error Message Containing Sensitive Information in luigirizzo/netmap

Valid

Reported on

Feb 3rd 2022


Description

In the Netmap source code, calls to DbgPrint(); can be found to contain a formatting argument (%p to be specific) yet no argument, this would (in most cases) lead to nearby data being printed to the debug stream.

Impact

This vulnerability is capable of allowing an attacker to read data from kernel-space (albeit a very small amount and almost certainly at locations that the attacker cannot specify) which may contain sensitive information.

Occurrences

DbgPrint("unimplemented generic_timer_handler %p\n");

All of the other occurances of this issue follow a similar format.

We are processing your report and will contact the luigirizzo/netmap team within 24 hours. 4 months ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md 4 months ago
We have contacted a member of the luigirizzo/netmap team and are waiting to hear back 4 months ago
luigirizzo
4 months ago

Maintainer


I can confirm the bug, but the Windows port is currently unmaintained and very likely unused.

Michael Rowley submitted a
4 months ago
Michael Rowley submitted a
4 months ago
Michael Rowley submitted a
4 months ago
Michael Rowley
4 months ago

Researcher


Thanks for confirming the bug, if the Windows port is less used then I doubt anyone would have been bothered to exploit this which is good! I have submitted a pull request from a fork that has the patch (https://github.com/luigirizzo/netmap/pull/836) so if everything looks okay; could you validate this report and the fix?

Thanks, Michael

luigirizzo validated this vulnerability 4 months ago
Michael Rowley has been awarded the disclosure bounty
The fix bounty is now up for grabs
luigirizzo confirmed that a fix has been merged on df7abd 4 months ago
Michael Rowley has been awarded the fix bounty
netmap_windows.c#L971 has been validated
netmap_windows.c#L993 has been validated
netmap_windows.c#L999 has been validated
netmap_windows.c#L983 has been validated
to join this conversation