Bug#801872: dc3dd: buffer overflow

Subject: Bug#801872: dc3dd: buffer overflow
From: henri@nerv.fi (Henri Salo)
Date: Thu, 15 Oct 2015 16:32:40 +0300
Message-id: <[🔎] 20151015133240.GA19180@lakka.kapsi.fi>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: dc3dd
Version: 7.2.641-3
Severity: normal
Tags: security

Buffer overflow issue was announced in Bugtraq[1] with proof-of-concept:

dc3dd `perl -e 'print "A" x 90000'`

The tool is not supposed to be executed with this kind of input so this seems to
be minor issue. Please correct me if I am wrong. I am submitting this bug so
that we can track the issue and make changes if needed.

1: http://seclists.org/bugtraq/2015/Oct/71

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJWH6r3AAoJECet96ROqnV0QcAQAK9EtS7IsUPly2CVVz2SeIo9
o/u88X5FAlwhS8WPe1ByWeIorO0hOzMfIY1kVZRV3bMBW79GLD1CFBZt8+/yn+0T
rbVu4sI3hOUnr5hRo+NINO8vUIsYSNoe380qeHvysSRO0NNxC+anOVK585sH3N6z
BuKkAuPR7VmBPjuHsTXMdy8meRSQVp45kcfPth7ROklQRLSlLKFk7qKWsVFVLjPS
a72u758tD1ZoqtFO2GlkywXWvJlhoBoHwUDyrTJ0wXy05QeYj/RVy18thehqV0lX
oUoSjh8fO+1vscaTMYHbKlt/fuB4mXOYuaox4QX03BJQmuEO028j/VYAqe7fvZKe
a7XWBK0D1TEZi2vHv9adOZRbVmJAS0oznW3Tjox1Zj42vvesUPXW7yP87BJPX0UV
r3HShG+P8iuwMUO+CSFu6Bs/qHsMxRPRicObdII9yRlNEyH+zrl0zwS9vi75FhSR
XYru9kB6whRmuEtdQ/zfZpj0kYn6kvzeGZFy0cq7XpHNn93wfNGLE8QENM96Mi4c
8MFos7uu3rQyXfzRd8Ch6jb93m+YflCFhNvKXZI5qsXKwr1kKIWNdoHmU/1nczT0
MdE9nKrHCNDFDZdGwU+KXYzXfBAmsJJt3MuwPsBtD3UkW5ijxNzy9Q3w1HT/tBoB
neNrPLKlCJxZenZkrV9I
=xQYd
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: From:Ms:Fatima Yusuf.
Next by Date: Bug#802089: ext4magic: recover or examine on ext4 file system is impossible
Previous by thread: From:Ms:Fatima Yusuf.
Next by thread: Bug#802089: ext4magic: recover or examine on ext4 file system is impossible
Index(es):
- Date
- Thread