Date: Tue, 14 Feb 2017 19:43:32 +0100 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: Pending CVE requests for glibc On Tue, Sep 08, 2015 at 01:02:44PM +0530, Huzaifa Sidhpurwala wrote: > Hi MITRE, > > I could not help but notice, some glibc security issues were not > assigned CVE ids. Blast from the past :-) I re-submitted this via the new MITRE webform and this got assigned within a few hours. Here's the assignments looped back to oss-security: > 1. glibc: multiple overflows in strxfrm() > Integer overflow when computing memory allocation sizes (similar to > CVE-2012-4412) was reported  in glibc strxfrm() function. Attached > strxfrm-int32.c should trigger this issue on a 32-bit systems. > Additionally, it was discovered  that strxfrm() falls back to an > unbounded alloca if malloc fails making it vulnerable to stack-based > buffer overflows (similar to CVE-2012-4424). Attached strxfrm-alloca.c > should trigger this issue. > > Previously a request was made via: > http://seclists.org/oss-sec/2015/q1/540 CVE-2015-8982 > 2. glibc: _IO_wstr_overflow integer overflow > An integer overflow flaw, leading to a heap-based buffer overflow, was > found in glibc's _IO_wstr_overflow() function. If an application used > this function, it could cause the application to crash or, potentially, > execute arbitrary code with the privileges of the user running the > application. > > https://sourceware.org/bugzilla/show_bug.cgi?id=17269 > https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33 CVE-2015-8983 > 3. glibc: potential denial of service in internal_fnmatch() > It was reported  that when processing certain malformed patterns, > fnmatch can skip over the NUL byte terminating the pattern. This can > potentially result in an application crash if fnmatch hits an unmapped > page before encountering a NUL byte. > > https://sourceware.org/bugzilla/show_bug.cgi?id=18032 > https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185 > > Previously a request was made via: > http://seclists.org/oss-sec/2015/q1/689 CVE-2015-8984 > 4. glibc: potential denial of service in pop_fail_stack() > A crash was reported  during glibc extended regular expression > processing. No known patch exists at the time of writing. > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392 CVE-2015-8985 Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ