out-of-bounds access in the Header_populateFromSettings function (CVE-2024-37676)
Hi
While reviewing some CVEs in downstream Debian distribution including htop, I noticed there was a CVE assignment https://www.cve.org/CVERecord?id=CVE-2024-37676 with only reference https://gist.github.com/Cirno9-dev/0109cde3bdbe7eccc6770515106740b7
Is this something which was reported upstream?
> While reviewing some CVEs in downstream Debian distribution including htop, I noticed there was a CVE assignment https://www.cve.org/CVERecord?id=CVE-2024-37676 with only reference https://gist.github.com/Cirno9-dev/0109cde3bdbe7eccc6770515106740b7
I've seen bug reports with more effort put into them …
> Is this something which was reported upstream?
No.
And honestly, just reading that gist makes me doubt this is even applicable.
Let's see:
> [CVE ID] CVE-2024-37676 [PRODUCT] HTOP [VERSION] 2.2.0
That version is about 5 years old. Since then there's been several releases.
> [PROBLEM TYPE] out-of-bounds access
> [DESCRIPTION] htop processes the configuration file with the number of right_meter_modes configured as len. if the number of right_meters configured does not match then an out-of-bounds access is generated in the Header_populateFromSettings function.
This handling has been refactored in recent versions when we added support for different numbers of columns for the meter area. AFAICS this does not look like this issue still affects recent versions of htop.
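
The class of bug described in the quoted gist text (two parallel config lists whose lengths are trusted to match) and the length check that prevents it, as an added example that is not htop's code and not part of the original thread. The function `load_column`, the limit `MAX_METERS` and the sample config values are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_METERS 16  /* hypothetical per-column limit */

/* Split a space-separated config value in place; returns the token count. */
static size_t split_tokens(char *buf, char **out, size_t cap) {
    size_t n = 0;
    for (char *t = strtok(buf, " "); t != NULL && n < cap; t = strtok(NULL, " "))
        out[n++] = t;
    return n;
}

/* Hypothetical loader: pairs meter i with mode i.
 * Returns the number of pairs, or -1 if the lists cannot be paired safely. */
int load_column(const char *meters_value, const char *modes_value,
                int modes_out[MAX_METERS]) {
    char meters_buf[256], modes_buf[256];
    char *names[MAX_METERS + 1], *modes[MAX_METERS + 1];

    if (strlen(meters_value) >= sizeof meters_buf ||
        strlen(modes_value) >= sizeof modes_buf)
        return -1;
    strcpy(meters_buf, meters_value);
    strcpy(modes_buf, modes_value);

    size_t n_names = split_tokens(meters_buf, names, MAX_METERS + 1);
    size_t n_modes = split_tokens(modes_buf, modes, MAX_METERS + 1);

    /* Using one list's length as the loop bound while indexing the other
     * reads past the shorter list, so a mismatch is rejected up front. */
    if (n_names != n_modes || n_names > MAX_METERS)
        return -1;

    for (size_t i = 0; i < n_names; i++)
        modes_out[i] = atoi(modes[i]);
    return (int)n_names;
}

int main(void) {
    int m[MAX_METERS];
    /* Constructed sample values, not taken from a real htoprc. */
    printf("%d\n", load_column("AllCPUs Memory Swap", "1 1 1", m));
    printf("%d\n", load_column("Tasks", "2 2 2", m));
    return 0;
}
```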