[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Re: [CVE request] Array allocation fixes in libgfortran
From: Florian Weimer <fweimer () redhat ! com>
Date: 2014-07-31 9:34:24
Message-ID: 53DA0DA0.3030707 () redhat ! com
[Download RAW message or body]
On 07/24/2014 04:08 AM, cve-assign@mitre.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> several CVE-2002-0391-style integer overflows in array allocation in
>> libgfortran
>>
>> https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721
>
> Use CVE-2014-5044.
Thanks. The fixes have been backported to GCC 4.8 and 4.9:
https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01136.html
https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01135.html
> It seems fairly clear that there is only one CVE ID needed. However,
> can you clarify what definition of "CVE-2002-0391-style integer
> overflows" you were using? We think you might mean:
>
> - any integer overflow caused by multiplying the number of elements
> in an array by the size of a single element
>
> - this includes, but isn't limited to, cases where the array
> elements represent arguments
The first, combined with the fact that the overflowing calculation is
used to compute byte sizes for memory allocation purposes.
--
Florian Weimer / Red Hat Product Security
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic