9fans plan9port Null Pointer Dereference Vulnerability in X.509 Value Decode Function
Vulnerability
A null pointer dereference vulnerability has been identified in 9fans plan9port versions prior to commit 9da5b44. The issue arises in the X.509 value_decode function within the library src/libsec/port/x509.c. This vulnerability requires local access to exploit and has been publicly disclosed, with an available proof-of-concept exploit.
Impact
Exploitation of this vulnerability leads to a segmentation fault, causing a denial-of-service condition by crashing the application.
Reproduction
The vulnerability can be reproduced by compiling the plan9port source code with Clang, using AddressSanitizer to detect memory errors. After applying a fuzzing harness that targets the value_decode function, the application can be run with a crafted input that triggers the null pointer dereference.
Remediation
Users are advised to update to the latest version of plan9port, which includes the patch for this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.