Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 6 Jul 2015 09:17:21 +0200
From: Gustavo Grieco <>
Subject: Out-of-bounds read in wget and curl using CVE-2015-2059


As you probably know, CVE-2015-2059 was't fixed yet
( Unfortunately
many applications are using libidn without validating its UTF-8
inputs. Recently wget
and curl ( applied some

After reading the previous oss-security related threads i'm still
unsure if these issues deserve individual CVEs or they are just
consequences of CVE-2015-2059.
A quick and dirty demo of this memory leak is available here:


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ