List: oss-security
Subject: [oss-security] Re: CVE Request: DBD-Firebird: Buffer Overflow in dbdimp.c
From: cve-assign () mitre ! org
Date: 2015-03-30 15:57:53
Message-ID: 20150330155753.CC2B572E032 () smtpvbsrv1 ! mitre ! org
> A buffer overflow has been fixed in DBD-Firebird, a DBI driver for
> Firebird RDBMS server, in version 1.19:
>
> https://metacpan.org/source/DAM/DBD-Firebird-1.19/Changes
> https://bugs.debian.org/780925
> https://bugs.debian.org/780925#3
>
> I found a buffer overflow in dbdimp.c. Error messages in dbdimp.c use
> sprintf to a fixed-size buffer that (quite likely in two cases) might be
> too small to hold the final result.
Presumably this means there were three cases found by Stefan Roas but
the third wasn't exploitable. CVE-2015-2788 is for:
- char err[80];
- sprintf(err, "String truncation (SQL_VARYING): attempted to bind %lu octets to column sized \
%lu"
- char err[80];
- sprintf(err, "String truncation (SQL_TEXT): attempted to bind %lu octets to column sized \
%lu"
For the third one:
- char err[80];
- sprintf(err, "You have not provided a value for non-nullable parameter #%d.", i);
"You have not provided a value for non-nullable
parameter #-9223372036854775807.\0" is 80 characters.
Also, the scope of this CVE ID does not include any unreported or
later-reported buffer overflows found and fixed by Damyan Ivanov,
e.g., ones in the
https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-firebird-perl.git/commit/?id=63ba70750f8be99765e09fe5d032042eeea19807
commit.
--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
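
Added example (not part of the original message, and not the DBD-Firebird code or its fix): it measures how many bytes each format string quoted above needs against the 80-byte `err` buffer, and shows a bounded `vsnprintf` wrapper that reports truncation instead of overflowing. The helper names, the `%lld` variant of the third message and the sample values are assumptions constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERR_SIZE 80 /* size of the err[] buffer quoted in the message */

/* Format strings as quoted in the message. */
static const char FMT_VARYING[] = "String truncation (SQL_VARYING): attempted to bind %lu octets to column sized %lu";
static const char FMT_TEXT[] = "String truncation (SQL_TEXT): attempted to bind %lu octets to column sized %lu";
static const char FMT_PARAM[] = "You have not provided a value for non-nullable parameter #%d.";
/* Assumption: 64-bit variant, matching the worst case the message spells out. */
static const char FMT_PARAM64[] = "You have not provided a value for non-nullable parameter #%lld.";

/* Bytes needed to hold the formatted message, including the trailing NUL. */
static int bytes_needed(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap); /* length only, nothing is written */
    va_end(ap);
    return n < 0 ? -1 : n + 1;
}

/* Bounded replacement for sprintf(err, ...): never writes past size bytes.
 * Returns 0 if the whole message fit, 1 if it was truncated, -1 on error. */
static int format_err(char *err, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(err, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    return (size_t)n >= size;
}

int main(void)
{
    char err[ERR_SIZE];
    /* Constructed sample values, e.g. 100 octets bound to a 10-octet column. */
    printf("SQL_VARYING  needs %d of %d bytes\n", bytes_needed(FMT_VARYING, 100UL, 10UL), ERR_SIZE);
    printf("SQL_TEXT     needs %d of %d bytes\n", bytes_needed(FMT_TEXT, 100000UL, 255UL), ERR_SIZE);
    printf("param (int)  needs %d of %d bytes\n", bytes_needed(FMT_PARAM, -2147483647 - 1), ERR_SIZE);
    printf("param 64-bit needs %d of %d bytes\n", bytes_needed(FMT_PARAM64, -9223372036854775807LL), ERR_SIZE);
    int truncated = format_err(err, sizeof err, FMT_VARYING, 100UL, 10UL);
    printf("truncated=%d stored=\"%s\"\n", truncated, err);
    return 0;
}
```

The fixed text of the SQL_VARYING message is 75 characters and that of the SQL_TEXT message is 72, so the two `%lu` values together may contribute at most 4 and 7 digits respectively before the 80-byte buffer is exceeded.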