
Bug#808819: libio/wstrops.c: arbitrary code execution vulnerability



control: forcemerge 779587 808819

On 2015-12-23 12:14, Aeschbacher, Fabrice wrote:
> Source: glibc
> Version: 2.19-18+deb8u1
> Severity: important
> Tags: patch security
> 
> Dear Maintainer,
> 
> GNU C Library (glibc) contains integer overflows in the enlarge_userbuf() and
> _IO_wstr_overflow() functions in libio/wstrops.c. These issues are triggered as
> user-supplied input is not properly validated. This may allow a context-
> dependent attacker to cause a heap-based buffer overflow, resulting in a denial
> of service or potentially allowing the execution of arbitrary code.
> Versions <= 2.22 are affected.
> 
> References:
>   https://bugs.gentoo.org/show_bug.cgi?id=541246
>   https://bugzilla.redhat.com/show_bug.cgi?id=1195762
>   https://sourceware.org/bugzilla/show_bug.cgi?id=17269
>   http://seclists.org/oss-sec/2015/q1/646
> 
> Patch:
>   https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
> 

This has been reported in bug#779587 and is pending a fix. Merging
the bugs.

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net
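The overflow class the report describes (wide-character buffer growth arithmetic that wraps in size_t, so a huge request becomes a tiny heap allocation), as an added illustration that is neither glibc's code nor part of this thread; the function names grow_bytes_unchecked, grow_bytes_checked, wbuf_double and wrapping_len are assumptions of the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <wchar.h>
#include <stdio.h>

/* Unchecked growth arithmetic of the kind the report describes (illustrative,
 * not glibc's code): doubling a wchar_t count and scaling it to bytes can wrap
 * in size_t, turning a huge request into a tiny allocation. */
static size_t grow_bytes_unchecked(size_t old_len)
{
    size_t new_len = 2 * old_len;        /* may wrap */
    return new_len * sizeof(wchar_t);    /* may wrap again */
}

/* Hardened form: refuse any request whose doubling or byte scaling would
 * exceed SIZE_MAX. Returns the byte count, or 0 when refused. */
static size_t grow_bytes_checked(size_t old_len)
{
    if (old_len == 0 || old_len > SIZE_MAX / 2)
        return 0;
    size_t new_len = 2 * old_len;
    if (new_len > SIZE_MAX / sizeof(wchar_t))
        return 0;
    return new_len * sizeof(wchar_t);
}

/* Grow a wide buffer to twice old_len elements; NULL on overflow. */
static wchar_t *wbuf_double(const wchar_t *old, size_t old_len)
{
    size_t bytes = grow_bytes_checked(old_len);
    if (bytes == 0)
        return NULL;
    wchar_t *p = malloc(bytes);
    if (p != NULL && old != NULL)
        wmemcpy(p, old, old_len);
    return p;
}

/* Constructed length: survives the doubling but wraps when scaled by
 * sizeof(wchar_t), so the unchecked path yields only 2 * sizeof(wchar_t). */
static size_t wrapping_len(void)
{
    return SIZE_MAX / (2 * sizeof(wchar_t)) + 2;
}

int main(void)
{
    printf("unchecked: %zu bytes\n", grow_bytes_unchecked(wrapping_len()));
    printf("checked:   %zu bytes (0 = refused)\n", grow_bytes_checked(wrapping_len()));
    return 0;
}
```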

