
List:       oss-security
Subject:    Re: [oss-security] Re: [CVE request] Array allocation fixes in libgfortran
From:       Florian Weimer <fweimer () redhat ! com>
Date:       2014-07-31 9:34:24
Message-ID: 53DA0DA0.3030707 () redhat ! com

On 07/24/2014 04:08 AM, cve-assign@mitre.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> several CVE-2002-0391-style integer overflows in array allocation in
>> libgfortran
>>
>> https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721
>
> Use CVE-2014-5044.

Thanks.  The fixes have been backported to GCC 4.8 and 4.9:

https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01136.html
https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01135.html

> It seems fairly clear that there is only one CVE ID needed. However,
> can you clarify what definition of "CVE-2002-0391-style integer
> overflows" you were using? We think you might mean:
>
>    - any integer overflow caused by multiplying the number of elements
>      in an array by the size of a single element
>
>    - this includes, but isn't limited to, cases where the array
>      elements represent arguments

The first, combined with the fact that the overflowing calculation is 
used to compute byte sizes for memory allocation purposes.

-- 
Florian Weimer / Red Hat Product Security
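
The overflow class named in this message (element count multiplied by element size to get a byte count for allocation), as an added example that is not part of the original message and is not libgfortran's code. It generalizes to a multi-dimensional array; all function names and the sample extents are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Store a * b in *out; return -1 instead if the product would wrap. */
static int mul_size(size_t a, size_t b, size_t *out)
{
    if (b != 0 && a > SIZE_MAX / b)
        return -1;
    *out = a * b;
    return 0;
}

/* Unchecked pattern: the product wraps, so a huge array gets a tiny byte count. */
size_t array_bytes_unchecked(const size_t *extent, int rank, size_t elem_size)
{
    size_t n = elem_size;
    for (int i = 0; i < rank; i++)
        n *= extent[i];
    return n;
}

/* Checked form: 0 and the byte count on success, -1 on overflow. */
int array_bytes_checked(const size_t *extent, int rank, size_t elem_size, size_t *bytes)
{
    size_t n = elem_size;
    for (int i = 0; i < rank; i++)
        if (mul_size(n, extent[i], &n) != 0)
            return -1;
    *bytes = n;
    return 0;
}

/* Allocate only when the size computation did not overflow. */
void *alloc_array(const size_t *extent, int rank, size_t elem_size)
{
    size_t bytes;
    if (array_bytes_checked(extent, rank, elem_size, &bytes) != 0)
        return NULL;
    return malloc(bytes ? bytes : 1);
}

int main(void)
{
    size_t huge[2] = { SIZE_MAX / 4 + 1, 2 };   /* constructed extents */
    printf("unchecked=%zu checked=%p\n", array_bytes_unchecked(huge, 2, 8), alloc_array(huge, 2, 8));
    return 0;
}
```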