Date: Thu, 10 Dec 2009 21:43:04 +0100 From: Stefan Behte <Stefan.Behte@....net> To: OSS Security <oss-security@...ts.openwall.com> Subject: mmsclient: CVE request Hello, Harald van Dijk reported a buffer overflow in mmsclient in client.c to Gentoo security (https://bugs.gentoo.org/show_bug.cgi?id=263413): Line 28: #define BUF_SIZE 102400 Line 470: char data; Line 551: len = read (s, data, BUF_SIZE) ; In a different Gentoo bug about the issue (http://bugs.gentoo.org/show_bug.cgi?id=284747), Florian Streibelt noticed: the reason for all this is in client.c: 31 #define BUF_SIZE 102400 [...] 473 char data; [...] 575 len = read (s, data, BUF_SIZE) ; [...] 586 len = read (s, data, BUF_SIZE) ; There might lurk more overflows in the (non-maintained) code. Can I get a CVE for the issue? Thanks, Stefan Behte
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.