Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 10 Dec 2009 21:43:04 +0100
From: Stefan Behte <Stefan.Behte@....net>
To: OSS Security <oss-security@...ts.openwall.com>
Subject: mmsclient: CVE request

Hello,

Harald van Dijk reported a buffer overflow in mmsclient in client.c to
Gentoo security (https://bugs.gentoo.org/show_bug.cgi?id=263413):

Line 28: #define BUF_SIZE 102400
Line 470: char data[1024];
Line 551: len = read (s, data, BUF_SIZE) ;

In a different Gentoo bug about the issue
(http://bugs.gentoo.org/show_bug.cgi?id=284747), Florian Streibelt noticed:

the reason for all this is in client.c:

31  #define BUF_SIZE 102400
[...]
473   char                 data[1024];
[...]
575   len = read (s, data, BUF_SIZE) ;
[...]
586   len = read (s, data, BUF_SIZE) ;

There might lurk more overflows in the (non-maintained) code.
Can I get a CVE for the issue?

Thanks,

Stefan Behte

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.