[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-deb "OutofBounds"/"global-buffer-overflow" vulnerability

On 29/11/14 01:14, Guillem Jover wrote:
Hmm, yeah assuming the fs->fieldstart is a superset of fip->name, then
there might be an out of bounds *read* access, but I don't see how that
would be a vulnerability. I'll fix this for 1.17.23.
I think it's just a 'by definition' vulnerability, e.g like heartbleed was an out of bounds read, sort of. But in this context, it's not serious at all.

-- Joshua Rogers <https://internot.info/>

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: