Date: Sun, 1 Feb 2015 11:22:54 -0800 From: Paul Pluzhnikov <ppluzhnikov@...il.com> To: oss-security@...ts.openwall.com Cc: Joseph Myers <jsm28@....gnu.org> Subject: CVE request: heap buffer overflow in glibc swscanf Greetings, https://sourceware.org/bugzilla/show_bug.cgi?id=16618 is almost 1 year old, and still not fixed in glibc trunk. I have verified that the test case from it fails with libc6 2.19-0ubuntu6.5 and current trunk glibc. Don't know if it's exploitable, but it seems like it could easily be. (I'll see if I can fix it in the mean time.) Thanks, -- Paul Pluzhnikov
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ