[<prev] [next>] [thread-next>] [month] [year] [list]
Date: Tue, 15 Jul 2008 13:47:32 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE id request: byacc
Hello,
there is already for a long time known
possible out of allocated stack bounds access in yacc.
Description of problem:
=======================
Otto Moerbeck has reported the following potential out of bounds of the
allocated stack access in the yacc binary:
Fix an venerable bug: if we're reducing a rule that has an empty
right hand side and the yacc stackpointer is pointing at the very
end of the allocated stack, we end up accessing the stack out of
bounds by the implicit $$ = $1 action. Detected by my new malloc,
experienced by sturm@ on sparc64; ok deraadt@
Public mention of this issue:
=============================
http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2
Proposed OpenBSD patch:
=======================
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/yacc/skeleton.c.diff?r1=1.28&r2=1.29
Steve, could you please allocate a CVE identifier,
we could use for future references to this one?
Thank you in advance!
Kind regards
Jan iankko Lieskovsky
RH Security Response Team
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ