Date: Wed, 26 Nov 2014 02:38:50 -0500 (EST)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba

>> By using special crafted S/MIME messages or ECC based OpenPGP data, it
>> is possible to create a buffer overflow.

> Announce: http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
> Upstream fix: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f715b9e156dfa99ae829fc694e5a0abd23ef97d7

> Due to the unsigned integer this results in a pretty long value which
> won't fit anymore into the allocated buffer.

Use CVE-2014-9087.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
