Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Feb 2015 15:14:10 +0100
From: Jakub Wilk <>
Subject: Re: heap overflow in procmail

>The Debian bug report does not contain diagnosis of the type of 
>programming error that is triggering each crash, so it is not clear 
>how many CVE identifiers must be assigned.

There are two distinct buffer overflows:

* Off-by-one heap overflow when parsing addresses that have left angle 
bracket, then a comma, but no right angle bracket. For example: 

* Heap overflow when parsing addresses that end with backslash. For 
example: <\

Credit goes to Jan Darmochwal for identifying the root causes.

Jakub Wilk

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ