List:       oss-security
Subject:    [oss-security] Re: CVE request:  mpfr: buffer overflow in mpfr_strtofr
From:       Moritz Muehlenhoff <jmm () debian ! org>
Date:       2014-12-30 0:23:40
Message-ID: 20141230002340.GA9277 () pisco ! westfalen ! local

On Mon, Dec 08, 2014 at 01:45:12PM +0100, Vasyl Kaigorodov wrote:
> Hello,
> 
> A buffer overflow was reported [1] in mpfr.
> This is due to incorrect GMP documentation for mpn_set_str about the
> size of a buffer (discussion is at [1]; first fix in the GMP
> documentation is at [2]). This bug is present in the MPFR versions
> from 2.1.0 (adding mpfr_strtofr) to this one, and can be detected by
> running "make check" in a 32-bit ABI under GNU/Linux with alloca
> disabled (this is currently possible by using the --with-gmp-build
> configure option where alloca has been disabled in the GMP build). It
> is fixed by the strtofr patch [3].
> Corresponding changeset in the 3.1 branch: 9110 [4].
> 
> [1]: https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html
> [2]: https://gmplib.org/repo/gmp-5.1/raw-rev/d19172622a74
> [3]: http://www.mpfr.org/mpfr-3.1.2/patch11
> [4]: https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9110
> 
> References:
> - https://bugzilla.redhat.com/show_bug.cgi?id=1171701
> - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772008
> 
> Can a CVE be assigned to this please?

This seems to have fallen through the cracks, adding cve-assign@mitre.org
to CC.

Cheers,
        Moritz