Date: Thu, 20 Oct 2011 18:23:40 +0200 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: mplayer RDT parsing integer underlow On Thu, Oct 20, 2011 at 12:22:37PM -0400, Josh Bressers wrote: > Please use CVE-2009-5027 This has already received a CVE ID, although for some reason it was never set public on the MITRE website: http://www.debian.org/security/2010/dsa-2043 http://www.debian.org/security/2010/dsa-2044 -> CVE-2010-2062 Cheers, Moritz > Thanks. > > -- > JB > > ----- Original Message ----- > > Hi, > > > > Please assign a CVE for this issue from 2009. From : > > > > "Function real_get_rdt_chunk() calls rtsp_read_data() to read RDT > > (Real Data Transport) chunks headers from the network and after that > > it > > will parse them. A controled variable is used to allocate a buffer > > and > > later passed on to the rtsp_read_data() function in order to specify > > the > > length of an RDT chunk data to read from the network. An integer > > underflow can be triggered when parsing a malformed RDT header chunk, > > a remote attacker can exploit it to execute arbitrary code in the > > context of the application." > > > >  http://seclists.org/fulldisclosure/2009/Jul/418 > >  https://secunia.com/advisories/36041/3/ > > > > thank you > > tim > > > > -- > > Tim Sammut ~ Gentoo Security Team > > underling@...too.org ~ C2375493 > > > > >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ