Date: Wed, 17 Jun 2015 17:21:39 +0200 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com, cve-assign@...re.org Subject: Re: Re: CVE Request: jabberd remote information disclosure On Mon, 23 Feb 2015 16:16:38 -0500 (EST) cve-assign@...re.org wrote: > > If the data ends with an unterminated multi-byte UTF8 > > sequence then libidn may copy data past the buffer into the result. > > > https://github.com/jabberd2/jabberd2/issues/85 > > > the stringprep functions from libidn require the input to be valid > > UTF8 > > > The libidn documentation claims "This function will not read or > > write to characters outside that size." about the length of the > > buffer that needs to be specified, but this is not true, > > Use CVE-2015-2059 for this libidn out-of-bounds read issue. Possibly > it could be argued that this is a borderline case for a CVE. However, > the documentation says "This function will not read or write to > characters outside that size" rather than "If the input is valid > UTF-8, then this function will not read or write to characters outside > that size." If the input is not valid UTF-8, then the function is > entitled to undefined behavior within the bounds of the buffer. Old thread, but I thought worth mentioning. This was already found by Sam Varshavchik in 2013: http://permalink.gmane.org/gmane.comp.gnu.libidn.general/462 As the CVE is already assigned I don't think this matters too much, but maybe MITRE wants to reference that. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ