Message-ID: <Pine.GSO.4.51.0811101019580.609@faron.mitre.org>
Date: Mon, 10 Nov 2008 10:20:41 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: libcdaudio



On Wed, 5 Nov 2008, Thomas Biege wrote:

> Hello,
> we need a CVE-ID for a buffer overflow in libcdaudio.
> It is a remotely exploitable heap-based buffer overflow.

Out of curiosity, what makes it remote?

Use CVE-2008-5030

- Steve

======================================================
Name: CVE-2008-5030
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5030
Reference: MLIST:[oss-security] 20081105 CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/05/1
Reference: MLIST:[oss-security] 20081107 Re: CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/07/1
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442
Reference: BID:32122
Reference: URL:http://www.securityfocus.com/bid/32122

Heap-based buffer overflow in the cddb_read_disc_data function in
cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute
arbitrary code via long CDDB data.

