
Readline vulnerability report and CVE request for readline vulnerability


From: minipython
Subject: Readline vulnerability report and CVE request for readline vulnerability
Date: Sat, 15 Apr 2023 13:05:21 +0800

Dear bug-bash@gnu.org,
I did not receive any response after sending my email to bug-readline@gnu.org. 
However, I saw on the official website that bugs could also be sent to 
bug-bash@gnu.org, so I sent the email there instead. Below is the original 
content of the email.
I would like to report some security vulnerabilities that I discovered in 
Readline and request CVE identifiers. The details of the vulnerabilities are as 
follows:


Readline version: 8.2
Machine and OS: Ubuntu 20.04.1 x86-64
Compilation flags: "./configure CC=/root/fuzzers/AFLplusplus/afl-clang-fast 
CXX=/root/fuzzers/AFLplusplus/afl-clang-fast++" with ASan and UBSan 
instrumentation.
I have uploaded the ASAN information and the vulnerability type, containing 13 
vulnerabilities, as attachments to this email.


To reproduce the bug reliably, I made the following modifications:


First, I changed the sprintf function in the fileman code in the examples 
directory to snprintf (snprintf(syscom, 1024, "ls -FClg %s", arg)) to prevent 
issues with the fileman code itself.
Then, I tested fileman because it uses many readline functions. I have attached 
the modified fileman.c code in the attachments.
Finally, I compiled readline and fileman with ASan instrumentation and ran 
fileman < bug to successfully reproduce the issue. The bugs are also attached.
I apologize that I am not able to provide a proposed fix at this time.


Thank you for your attention to this matter. Please let me know if you require 
any further information.


Sincerely,


minipython

Attachment: bug.pdf
Description: Binary data

Attachment: fileman.c
Description: Binary data

Attachment: unique_crashes.tar.gz
Description: Binary data
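
The first modification described in the message, shown as an added example; it is not the reporter's attached fileman.c and not readline's own code. It formats the `ls -FClg %s` command into a 1024-byte buffer with snprintf and also checks the return value, so an argument that does not fit is rejected instead of leaving a silently truncated command. The names `build_ls_command`, `last_command` and `SYSCOM_SIZE` are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define SYSCOM_SIZE 1024            /* size used in the message's snprintf call */

static char syscom[SYSCOM_SIZE];    /* hypothetical stand-in for the example's command buffer */

/* Unbounded form the message says it replaced; it writes past the end of
 * syscom whenever arg is long enough:
 *     sprintf(syscom, "ls -FClg %s", arg);
 */

/* Format the listing command into syscom.
 * Returns 0 on success, -1 if the result would not fit or formatting failed.
 * snprintf writes at most SYSCOM_SIZE bytes (terminator included) and returns
 * the length the complete string would have had, which exposes truncation. */
int build_ls_command(const char *arg)
{
    int n;

    if (arg == NULL)
        arg = "";

    n = snprintf(syscom, sizeof syscom, "ls -FClg %s", arg);
    if (n < 0 || (size_t)n >= sizeof syscom) {
        syscom[0] = '\0';           /* do not leave a truncated command behind */
        return -1;
    }
    return 0;
}

/* Accessor so callers can inspect the formatted command. */
const char *last_command(void) { return syscom; }

int main(void)
{
    char long_arg[4096];            /* constructed oversized input */
    int rc;

    memset(long_arg, 'A', sizeof long_arg - 1);
    long_arg[sizeof long_arg - 1] = '\0';

    rc = build_ls_command("/tmp");
    printf("short: %d -> \"%s\"\n", rc, last_command());
    rc = build_ls_command(long_arg);
    printf("long:  %d\n", rc);
    return 0;
}
```
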

