Skip to content

Commit

Permalink
Add advisories for numeric bugs in GHC
Browse files Browse the repository at this point in the history
  • Loading branch information
@TristanCacqueray
TristanCacqueray committed Jul 20, 2024
1 parent 9087fcb commit fbd7d91
Show file tree
Hide file tree
Showing 3 changed files with 104 additions and 0 deletions.
36 changes: 36 additions & 0 deletions advisories/ghc/compiler/HSEC-2024-0007.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
```toml
[advisory]
id = "HSEC-2024-0007"
cwe = [194]
keywords = ["integrity", "dos", "historical"]

[[affected]]
ghc-component = "compiler"
cvss = "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"

[[affected.versions]]
introduced = "9.2.4"
fixed = "9.2.5"

[[affected.versions]]
introduced = "9.4.2"
fixed = "9.4.3"

[[references]]
type = "REPORT"
url = "https://gitlab.haskell.org/ghc/ghc/-/issues/22282"

[[references]]
type = "FIX"
url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/9152"

[[references]]
type = "FIX"
url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/9139"
```

# Sign extension error in the AArch64 NCG

Arithmetic operations may result in incorrect runtime results on the native aarch64 backend.
For the most part, this bug only causes availability and data integrity issues.
However, in some circumstances, it may result in other, more complicated security related flaws, such as buffer overflow conditions.
27 changes: 27 additions & 0 deletions advisories/ghc/compiler/HSEC-2024-0008.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
```toml
[advisory]
id = "HSEC-2024-0008"
cwe = [194]
keywords = ["integrity", "dos"]

[[affected]]
ghc-component = "compiler"
cvss = "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"

[[affected.versions]]
introduced = "9.2.1"

[[references]]
type = "REPORT"
url = "https://gitlab.haskell.org/ghc/ghc/-/issues/23034"

[[references]]
type = "FIX"
url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/12885"
```

# Sign extension error in the PPC64le FFI

Numeric arguments of FFI call on the PPC64le backend may result in incorrect runtime values.
For the most part, this bug only causes availability and data integrity issues.
However, in some circumstances, it may result in other, more complicated security related flaws, such as buffer overflow conditions.
41 changes: 41 additions & 0 deletions advisories/hackage/base/HSEC-2024-0006.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
```toml
[advisory]
id = "HSEC-2024-0006"
cwe = [192]
keywords = ["integrity", "dos", "historical"]

[[affected]]
package = "base"
cvss = "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"

[[affected.versions]]
introduced = "4.15.0.0"
fixed = "4.15.1.0"

[[references]]
type = "REPORT"
url = "https://gitlab.haskell.org/ghc/ghc/-/issues/19345"

[[references]]
type = "REPORT"
url = "https://gitlab.haskell.org/ghc/ghc/-/issues/20066"

[[references]]
type = "FIX"
url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/4980"

[[references]]
type = "FIX"
url = "https://gitlab.haskell.org/ghc/ghc/-/merge_requests/6109"
```

# `fromIntegral`: conversion error

`fromIntegral` may result in coercion errors when used with optimization flags `-O1` or `-O2`
in the following situation:

- Converting negative `Int` to `Natural` does not throw an arithmetic underflow error
- Converting large `Integer` greater than 2^64 to `Natural` overflow.

For the most part, these errors in and of themselves result only in availability and data integrity issues.
However, in some circumstances, they may result in other, more complicated security related flaws, such as buffer overflow conditions.

0 comments on commit fbd7d91

Please sign in to comment.