Date: Thu, 26 Feb 2015 16:21:43 +0100 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com, Assign a CVE Identifier <cve-assign@...re.org> Subject: CVE request: glibc: potential application crash due to overread in fnmatch When processing certain malformed patterns, fnmatch can skip over the NUL byte terminating the pattern. This can potentially result in an application crash if fnmatch hits an unmapped page before encountering a NUL byte. Upstream bug report: https://sourceware.org/bugzilla/show_bug.cgi?id=18032 The fix is here: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185 It will go into glibc 2.22. -- Florian Weimer / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ