A Use-After-Free Bug in Redox

This is a brief description of CVE-2020-22429. For more details, see the Reference section below.

[Description]

redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.


[VulnerabilityType Other]

Use After Free


[Vendor of Product]

https://gitlab.redox-os.org/redox-os/relibc


[Affected Product Code Base]

redox-os - 0.1.0

Note that the bugs still exist as of writing (2023-04-29).


[Affected Component]

  • netdb::gethostbyaddr
  • netdb::gethostbyname
  • netdb::getprotoent
  • netdb::getservent

[Attack Type]

Local


[Impact Code execution]

true


[Attack Vectors]

To exploit the vulnerability, someone must call the above functions and access the global dangling pointer.


[Reference]

https://gitlab.redox-os.org/redox-os/relibc/issues/159


[Discoverer]

bobbqqin@gmail.com

I found the bugs by using lockbud, a static bug detector for Rust.