oss-security - Re: CVE request: possible miniupnpc buffer overflow

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Fri, 6 Jun 2014 16:27:03 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: possible miniupnpc buffer overflow

On Wed, Apr 30, 2014 at 04:45:26PM +1000, Murray McAllister wrote:
> Good morning,
> 
> It was pointed out in
> https://bugzilla.redhat.com/show_bug.cgi?id=1085618 that miniupnpc
> version 1.9 fixes a possible buffer overflow:
> 
> https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9
> 
> I am not familiar with the code but it may be just a crash, with an
> invalid read here (on line 131):
> 
> 129                         /* parse header lines */
> 130                         for(i = 0; i < endofheaders - 1; i++) {
> 131                                 if(colon <= linestart &&
> header_buf[i]==':')
> 
> Can a CVE be assigned if one has not been already?

This seems to have fallen through the cracks.

Cheers,
        Moritz

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.