Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 20 Aug 2010 12:52:51 +0200
From: Thomas Biege <>
Subject: CVE Request: heap-based buffer overflow in libHX;a=commitdiff;h=904a46f90dd3f046bfac0b64a5e813d7cd4fca59

string: fixed buffer overflow in HX_split when too few fields are present

Jan Engelhardt [Mon, 16 Aug 2010 17:08:51 +0000 (19:08 +0200)]

When HX_split is called with a maximum number of desired fields (4th

argument != 0), passing in a string that has less fields than that led

to a buffer overrun (write beyond end of malloc'd area).

CVSS Base Score: 10

- Impact Subscore: 10

- Exploitability Subscore: 10

CVSS Temporal Score: 7.4

CVSS Environmental Score: Undefined

Overall CVSS Score: 7.4

CVSS Base vector:: AV:N/AC:L/Au:N/C:C/I:C/A:C

- AV: libHX may be used by network services

- Au: some services may not require authentication

- A: can cause crash when result is freed

CVSS Temporal vectors:: RL:O/RC:C

Affects all versions prior to, and including, 3.5.

 Thomas Biege <>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ