Date: Mon, 10 Nov 2008 10:20:41 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: libcdaudio

On Wed, 5 Nov 2008, Thomas Biege wrote:

> Hello,
> we need a CVE-ID for a buffer overflow in libcdaudio.
> It is a remotely exploitable heap-based buffer overflow.

Out of curiosity, what makes it remote?

Use CVE-2008-5030

- Steve

======================================================
Name: CVE-2008-5030
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5030
Reference: MLIST:[oss-security] 20081105 CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/05/1
Reference: MLIST:[oss-security] 20081107 Re: CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/07/1
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442
Reference: BID:32122
Reference: URL:http://www.securityfocus.com/bid/32122

Heap-based buffer overflow in the cddb_read_disc_data function in
cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute
arbitrary code via long CDDB data.