Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Apr 2014 13:36:35 +0200
From: ┼╣micier Januszkiewicz <gauri@....by>
To: oss-security@...ts.openwall.com
Subject: libmms heap-based buffer overflow fix

Hello list,

It seems libmms has fixed a buffer overflow in a recent 0.6.4 version
with the following commit.

http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8

This may be triggered via an overly long line of a MMSH (MMS over
HTTP) server response, effectively overflowing the buffer which has a
static size (defined as BUF_SIZE, didn't check the actual numeric
value).

Please assign a CVE name for this, if there is none.

Kind regards,
Z.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ