Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 20 Aug 2010 13:33:16 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: jengelh@...ozas.de, coley <coley@...re.org>
Subject: Re: CVE Request: heap-based buffer overflow in libHX

Please use CVE-2010-2947

Thanks.

-- 
    JB


----- "Thomas Biege" <thomas@...e.de> wrote:

> http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdiff;h=904a46f90dd3f046bfac0b64a5e813d7cd4fca59
> 
> string: fixed buffer overflow in HX_split when too few fields are
> present
> 
> Jan Engelhardt [Mon, 16 Aug 2010 17:08:51 +0000 (19:08 +0200)]
> 
> 
> 
> When HX_split is called with a maximum number of desired fields (4th
> 
> argument != 0), passing in a string that has less fields than that
> led
> 
> to a buffer overrun (write beyond end of malloc'd area).
> 
> 
> 
> CVSS Base Score: 10
> 
> - Impact Subscore: 10
> 
> - Exploitability Subscore: 10
> 
> CVSS Temporal Score: 7.4
> 
> CVSS Environmental Score: Undefined
> 
> Overall CVSS Score: 7.4
> 
> 
> 
> CVSS Base vector:: AV:N/AC:L/Au:N/C:C/I:C/A:C
> 
> - AV: libHX may be used by network services
> 
> - Au: some services may not require authentication
> 
> - A: can cause crash when result is freed
> 
> 
> 
> CVSS Temporal vectors:: RL:O/RC:C
> 
> 
> 
> Affects all versions prior to, and including, 3.5.
> 
> -- 
>  Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support &
> Auditing
>  SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ