Date: Mon, 8 Dec 2014 13:45:12 +0100 From: Vasyl Kaigorodov <vkaigoro@...hat.com> To: oss-security@...ts.openwall.com Cc: 772008@...s.debian.org Subject: CVE request: mpfr: buffer overflow in mpfr_strtofr Hello, A buffer overflow was reported  in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer (discussion is at ; first fix in the GMP documentation is at ). This bug is present in the MPFR versions from 2.1.0 (adding mpfr_strtofr) to this one, and can be detected by running "make check" in a 32-bit ABI under GNU/Linux with alloca disabled (this is currently possible by using the --with-gmp-build configure option where alloca has been disabled in the GMP build). It is fixed by the strtofr patch . Corresponding changeset in the 3.1 branch: 9110 . : https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html : https://gmplib.org/repo/gmp-5.1/raw-rev/d19172622a74 : http://www.mpfr.org/mpfr-3.1.2/patch11 : https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9110 References: - https://bugzilla.redhat.com/show_bug.cgi?id=1171701 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772008 Can a CVE be assigned to this please? Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.