Skip to content

Commit

Permalink
Add advisories for numeric bugs in GHC
Browse files Browse the repository at this point in the history
  • Loading branch information
@TristanCacqueray @frasertweedale
TristanCacqueray authored and frasertweedale committed Jul 30, 2024
1 parent c0da198 commit 9b3d505
Show file tree
Hide file tree
Showing 3 changed files with 104 additions and 0 deletions.
36 changes: 36 additions & 0 deletions advisories/ghc/ghc/HSEC-2024-0007.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
```toml
[advisory]
id = "HSEC-2024-0007"
cwe = [194]
keywords = ["integrity", "dos", "historical"]

[[affected]]
ghc-component = "ghc"
cvss = "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"

[[affected.versions]]
introduced = "9.2.4"
fixed = "9.2.5"

[[affected.versions]]
introduced = "9.4.2"
fixed = "9.4.3"

[[references]]
type = "REPORT"
url = "https://gitlab.haskell.org/ghc/ghc/-/issues/22282"

[[references]]
type = "FIX"
url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/9152"

[[references]]
type = "FIX"
url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/9139"
```

# Sign extension error in the AArch64 NCG

Arithmetic operations may result in incorrect runtime results on the native aarch64 backend.
For the most part, this bug only causes availability and data integrity issues.
However, in some circumstances, it may result in other, more complicated security related flaws, such as buffer overflow conditions.
27 changes: 27 additions & 0 deletions advisories/ghc/ghc/HSEC-2024-0008.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
```toml
[advisory]
id = "HSEC-2024-0008"
cwe = [194]
keywords = ["integrity", "dos"]

[[affected]]
ghc-component = "ghc"
cvss = "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"

[[affected.versions]]
introduced = "9.2.1"

[[references]]
type = "REPORT"
url = "https://gitlab.haskell.org/ghc/ghc/-/issues/23034"

[[references]]
type = "FIX"
url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/12885"
```

# Sign extension error in the PPC64le FFI

Numeric arguments of FFI call on the PPC64le backend may result in incorrect runtime values.
For the most part, this bug only causes availability and data integrity issues.
However, in some circumstances, it may result in other, more complicated security related flaws, such as buffer overflow conditions.
41 changes: 41 additions & 0 deletions advisories/hackage/base/HSEC-2024-0006.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
```toml
[advisory]
id = "HSEC-2024-0006"
cwe = [192]
keywords = ["integrity", "dos", "historical"]

[[affected]]
package = "base"
cvss = "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"

[[affected.versions]]
introduced = "4.15.0.0"
fixed = "4.15.1.0"

[[references]]
type = "REPORT"
url = "https://gitlab.haskell.org/ghc/ghc/-/issues/19345"

[[references]]
type = "REPORT"
url = "https://gitlab.haskell.org/ghc/ghc/-/issues/20066"

[[references]]
type = "FIX"
url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/4980"

[[references]]
type = "FIX"
url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/6109"
```

# `fromIntegral`: conversion error

`fromIntegral` may result in coercion errors when used with optimization flags `-O1` or `-O2`
in the following situation:

- Converting negative `Int` to `Natural` does not throw an arithmetic underflow error
- Converting large `Integer` greater than 2^64 to `Natural` overflow.

For the most part, these errors in and of themselves result only in availability and data integrity issues.
However, in some circumstances, they may result in other, more complicated security related flaws, such as buffer overflow conditions.

0 comments on commit 9b3d505

Please sign in to comment.