[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Use after free in monit / _handleEvent
From:       Hanno =?iso-8859-1?q?B=F6ck?= <hanno () hboeck ! de>
Date:       2018-12-23 8:31:30
Message-ID: 20181223093130.77312548 () computer
[Download RAW message or body]

Hi,

There's a use after free in monit that shows up if you run it for a
while on an active system with address sanitizer enabled.

I reported this in august:
https://bitbucket.org/tildeslash/monit/issues/764/use-after-free-in-function-_handleevent

Fix is here:
https://bitbucket.org/tildeslash/monit/commits/5827927c4623

The fix is unreleased, the current version (5.25.2) is still affected.


-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
[prev in list] [next in list] [prev in thread] [next in thread]