Date: Wed, 29 Jun 2016 09:13:12 +0200
From: Lucian Cojocar <lucian@...ocar.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution

Hi all,

u-clibc and uclibc-ng are used in several projects[4, 5]. As described here, an attacker that controls the length parameter of the `memset' can also control the value of the PC register. The issue is similar to CVE-2011-2702.

A patch has been proposed for uclibc-ng. A denial of service proof of concept is available.

Thanks,
Lucian

http://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
http://article.gmane.org/gmane.comp.lib.uclibc-ng/27
http://mailman.uclibc-ng.org/pipermail/devel/2016-May/000890.html
https://www.uclibc.org/products.html
http://www.uclibc-ng.org/