Date: Sun, 1 Feb 2015 11:22:54 -0800
From: Paul Pluzhnikov <>
Cc: Joseph Myers <>
Subject: CVE request: heap buffer overflow in glibc swscanf

is almost 1 year old, and still not fixed in glibc trunk.

I have verified that the test case from it fails with libc6
2.19-0ubuntu6.5 and current trunk glibc.

Don't know if it's exploitable, but it seems like it could easily be.

(I'll see if I can fix it in the meantime.)

Paul Pluzhnikov
