CWE-476: NULL Pointer Dereference in DigiDoc3 with DDOC files

1 Timeline

1.1 Discovery: 2014.10.20
1.2 Reported: 2015.03.07
1.3 Vendor Response: SUPPORT #INC134651 at 2015.03.07
1.3.1 CERT-EE case #3185 at 2015.03.08
1.4 Date of Disclosure: 2015.06.29

2 Description

A NULL pointer dereference occurs when the application dereferences a pointer associated with variable g_supportedFormatsAndVersions[] causing a crash and exit.

2.1 Document Used to Reproduce the Error

2.2 Error Reports

2.2.1 Win 7

    Operating system: Windows NT
                      6.1.7601 Service Pack 1
    CPU: x86
         GenuineIntel family 6 model 42 stepping 7
         CPU 2s

    Crash reason: EXCEPTION_ACCESS_VIOLATION_READ
    Crash address: 0x0

    Thread 0 (crashed)
     0  digidoc.dll + 0x10545
        Found by: given as instruction pointer in context
    ...

2.2.2 Linux

    linuxmint 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

    $ sha256sum /usr/bin/cdigidoc
    5d96803bff3cbc6faced002023c4ca711379611448a3b3733339fe6f552b88db  /usr/bin/cdigidoc
    $ cdigidoc -verify -in Documents/CVE-2015-ZXCVB.ddoc
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 12 CN: TEST Juur-SK file: TEST Juur-SK.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 13 CN: TEST-SK file: TEST-SK.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 14 CN: TEST of EE Certification Centre Root CA file: TEST EECCRCA.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 15 CN: TEST of ESTEID-SK 2011 file: TEST ESTEID-SK 2011.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 16 CN: TEST of EID-SK 2011 file: TEST EID-SK 2011.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 17 CN: TEST of KLASS3-SK 2010 file: TEST KLASS3 2010.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 1 CN: TEST-SK OCSP RESPONDER 2005 file: TEST-SK OCSP 2005.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 15 CN: TEST of SK OCSP RESPONDER 2011 file: TEST SK OCSP 2011.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 16 CN: TEST of SK OCSP RESPONDER 2011 file: TEST SK OCSP 2011.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 17 CN: TEST of SK OCSP RESPONDER 2011 file: TEST SK OCSP 2011.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 18 CN: TEST of SK OCSP RESPONDER 2011 file: TEST SK OCSP 2011.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 19 CN: TEST of SK OCSP RESPONDER 2011 file: TEST SK OCSP 2011.crt
    initCertificateItems [2015-03-07 20:02:26] Error: 2 reading item: 20 CN: TEST of SK OCSP RESPONDER 2011 file: TEST SK OCSP 2011.crt
    Segmentation fault
    $

2.2.3 Mac OS X

Not tested.

3 Known Versions Affected

3.1 qdigidocclient versioon 3.9.1.1369, avaldatud 19.09.2014
    Baastarkvara: Eesti ID-kaardi tarkvara 3.9.1.1526 (64 bit) (3.9.1.1526)

3.2 The Latest

3.2.1 Windows

    qdigidocclient versioon 3.10.0.1401, avaldatud 16.02.2015
    Baastarkvara: Eesti ID-kaardi tarkvara 3.10.0.1566 (64 bit) (3.10.0.1566)

3.2.2 Linux

    qdigidocclient version 3.10.0.1401, released 16.02.2015
    Base version: estonianidcard (3.10.0.1564-1404)

4 Links

4.1 http://cwe.mitre.org/data/definitions/476.html

5 Credit

Aivar Liimets

6 Mitigation

Unknown. Vendor chose not to update the software.
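
The defect class from section 2, shown as an added example that is not DigiDoc code and does not reproduce the actual fault: a lookup against a table of supported formats and versions, unchecked and checked. The table layout, its sample entries, both function names, and the idea that the pointers come from attributes parsed out of the document are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: accepted container formats and versions, closed by a
   {NULL, NULL} sentinel. The entries are constructed sample values. */
struct format_version {
    const char *format;
    const char *version;
};

static const struct format_version supported[] = {
    { "SK-XML",      "1.0" },
    { "DIGIDOC-XML", "1.1" },
    { "DIGIDOC-XML", "1.3" },
    { NULL, NULL }
};

/* Unchecked lookup: strcmp() reads through format/version without testing
   them, so a caller that passes NULL for a missing attribute faults at
   address 0 (CWE-476). */
int is_supported_unchecked(const char *format, const char *version)
{
    for (size_t i = 0; supported[i].format != NULL; i++)
        if (strcmp(supported[i].format, format) == 0 &&
            strcmp(supported[i].version, version) == 0)
            return 1;
    return 0;
}

/* Checked lookup: a missing attribute becomes an error code the caller can
   report. Returns 1 = supported, 0 = not supported, -1 = missing input. */
int is_supported_checked(const char *format, const char *version)
{
    if (format == NULL || version == NULL)
        return -1;
    return is_supported_unchecked(format, version);
}

int main(void)
{
    /* NULL stands in for an attribute the parser did not find. */
    printf("known:   %d\n", is_supported_checked("DIGIDOC-XML", "1.3"));
    printf("unknown: %d\n", is_supported_checked("DIGIDOC-XML", "9.9"));
    printf("missing: %d\n", is_supported_checked(NULL, "1.3"));
    return 0;
}
```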