
List:       oss-security
Subject:    Re: [oss-security] CVE Request: heap-based buffer overflow in libHX
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-08-20 17:33:16
Message-ID: 195554551.1101541282325596951.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Please use CVE-2010-2947

Thanks.

-- 
    JB


----- "Thomas Biege" <thomas@suse.de> wrote:

> http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdiff;h=904a46f90dd3f046bfac0b64a5e813d7cd4fca59
>  
> string: fixed buffer overflow in HX_split when too few fields are present
>
> Jan Engelhardt [Mon, 16 Aug 2010 17:08:51 +0000 (19:08 +0200)]
>
> When HX_split is called with a maximum number of desired fields (4th
> argument != 0), passing in a string that has less fields than that led
> to a buffer overrun (write beyond end of malloc'd area).
>
> CVSS Base Score: 10
> - Impact Subscore: 10
> - Exploitability Subscore: 10
> CVSS Temporal Score: 7.4
> CVSS Environmental Score: Undefined
> Overall CVSS Score: 7.4
>
> CVSS Base vector:: AV:N/AC:L/Au:N/C:C/I:C/A:C
> - AV: libHX may be used by network services
> - Au: some services may not require authentication
> - A: can cause crash when result is freed
>
> CVSS Temporal vectors:: RL:O/RC:C
>
> Affects all versions prior to, and including, 3.5.
> 
> -- 
> Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support &
> Auditing
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
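
Added example, not part of the original message and not libHX code: a splitter with a maximum-fields argument that stays in bounds when the input has fewer fields than requested, the case the quoted commit message describes. The names `split_fields`, `count_fields` and `free_fields` are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Number of fields in str: one more than the number of delimiters. */
static size_t count_fields(const char *str, const char *delim)
{
    size_t n = 1;
    for (const char *p = strpbrk(str, delim); p; p = strpbrk(p + 1, delim))
        ++n;
    return n;
}

/*
 * Hypothetical bounded splitter, not libHX's HX_split().
 * Returns a NULL-terminated array of at most `max` fields (max == 0 means
 * no limit); the last field keeps any unsplit remainder. All fields point
 * into one private copy of str, which is always out[0].
 */
char **split_fields(const char *str, const char *delim, size_t *nfields,
                    size_t max)
{
    size_t present = count_fields(str, delim);
    /* One value sizes the allocation and bounds the loop: the smaller of
     * the requested maximum and the fields actually present. */
    size_t n = (max == 0 || present < max) ? present : max;
    size_t len = strlen(str) + 1;
    char **out = calloc(n + 1, sizeof(*out));
    char *rest = malloc(len);
    if (out == NULL || rest == NULL) {
        free(out);
        free(rest);
        return NULL;
    }
    memcpy(rest, str, len);
    size_t i = 0;
    for (; i + 1 < n; ++i) {
        out[i] = rest;
        rest = strpbrk(rest, delim); /* non-NULL because i + 1 < present */
        *rest++ = '\0';
    }
    out[i] = rest; /* out[n] stays NULL from calloc */
    *nfields = n;
    return out;
}

void free_fields(char **v)
{
    if (v != NULL)
        free(v[0]); /* the single string copy */
    free(v);
}
```

Building a caller of this function with `-fsanitize=address` and feeding it inputs that have fewer fields than `max` is a quick regression check for this bug class.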

