From e0d31e932798b8130ecbb592a3739c29cb8f604f Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Wed, 10 Jul 2024 15:32:48 -0400
Subject: [PATCH] Add advisories for numeric bugs in GHC
---
advisories/ghc/ghc/HSEC-2024-0007.md | 36 ++++++++++++++++++++
advisories/ghc/ghc/HSEC-2024-0008.md | 35 +++++++++++++++++++
advisories/hackage/base/HSEC-2024-0006.md | 41 +++++++++++++++++++++++
3 files changed, 112 insertions(+)
create mode 100644 advisories/ghc/ghc/HSEC-2024-0007.md
create mode 100644 advisories/ghc/ghc/HSEC-2024-0008.md
create mode 100644 advisories/hackage/base/HSEC-2024-0006.md
diff --git a/advisories/ghc/ghc/HSEC-2024-0007.md b/advisories/ghc/ghc/HSEC-2024-0007.md
new file mode 100644
index 00000000..c5cac3a0
--- /dev/null
+++ b/advisories/ghc/ghc/HSEC-2024-0007.md
@@ -0,0 +1,36 @@
+```toml
+[advisory]
+id = "HSEC-2024-0007"
+cwe = [194]
+keywords = ["integrity", "dos", "historical"]
+
+[[affected]]
+ghc-component = "ghc"
+cvss = "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"
+
+[[affected.versions]]
+introduced = "9.2.4"
+fixed = "9.2.5"
+
+[[affected.versions]]
+introduced = "9.4.2"
+fixed = "9.4.3"
+
+[[references]]
+type = "REPORT"
+url = "https://gitlab.haskell.org/ghc/ghc/-/issues/22282"
+
+[[references]]
+type = "FIX"
+url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/9152"
+
+[[references]]
+type = "FIX"
+url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/9139"
+```
+
+# Sign extension error in the AArch64 NCG
+
+Arithmetic operations may result in incorrect runtime results on the native aarch64 backend.
+For the most part, this bug only causes availability and data integrity issues.
+However, in some circumstances, it may result in other, more complicated security related flaws, such as buffer overflow conditions.
diff --git a/advisories/ghc/ghc/HSEC-2024-0008.md b/advisories/ghc/ghc/HSEC-2024-0008.md
new file mode 100644
index 00000000..78e4e0f9
--- /dev/null
+++ b/advisories/ghc/ghc/HSEC-2024-0008.md
@@ -0,0 +1,35 @@
+```toml
+[advisory]
+id = "HSEC-2024-0008"
+cwe = [194]
+keywords = ["integrity", "dos"]
+
+[[affected]]
+ghc-component = "ghc"
+cvss = "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"
+
+[[affected.versions]]
+introduced = "9.2.1"
+fixed = "9.6.6"
+
+[[affected.versions]]
+introduced = "9.8.1"
+fixed = "9.8.3"
+
+[[affected.versions]]
+introduced = "9.10.1"
+
+[[references]]
+type = "REPORT"
+url = "https://gitlab.haskell.org/ghc/ghc/-/issues/23034"
+
+[[references]]
+type = "FIX"
+url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/12885"
+```
+
+# Sign extension error in the PPC64le FFI
+
+Numeric arguments of FFI call on the PPC64le backend may result in incorrect runtime values.
+For the most part, this bug only causes availability and data integrity issues.
+However, in some circumstances, it may result in other, more complicated security related flaws, such as buffer overflow conditions.
diff --git a/advisories/hackage/base/HSEC-2024-0006.md b/advisories/hackage/base/HSEC-2024-0006.md
new file mode 100644
index 00000000..593bd5fa
--- /dev/null
+++ b/advisories/hackage/base/HSEC-2024-0006.md
@@ -0,0 +1,41 @@
+```toml
+[advisory]
+id = "HSEC-2024-0006"
+cwe = [192]
+keywords = ["integrity", "dos", "historical"]
+
+[[affected]]
+package = "base"
+cvss = "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"
+
+[[affected.versions]]
+introduced = "4.15.0.0"
+fixed = "4.15.1.0"
+
+[[references]]
+type = "REPORT"
+url = "https://gitlab.haskell.org/ghc/ghc/-/issues/19345"
+
+[[references]]
+type = "REPORT"
+url = "https://gitlab.haskell.org/ghc/ghc/-/issues/20066"
+
+[[references]]
+type = "FIX"
+url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/4980"
+
+[[references]]
+type = "FIX"
+url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/6109"
+```
+
+# `fromIntegral`: conversion error
+
+`fromIntegral` may result in coercion errors when used with optimization flags `-O1` or `-O2`
+in the following situation:
+
+- Converting negative `Int` to `Natural` does not throw an arithmetic underflow error
+- Converting large `Integer` greater than 2^64 to `Natural` overflow.
+
+For the most part, these errors in and of themselves result only in availability and data integrity issues.
+However, in some circumstances, they may result in other, more complicated security related flaws, such as buffer overflow conditions.