Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 1 Feb 2015 11:22:54 -0800
From: Paul Pluzhnikov <>
Cc: Joseph Myers <>
Subject: CVE request: heap buffer overflow in glibc swscanf

is almost 1 year old, and still not fixed in glibc trunk.

I have verified that the test case from it fails with libc6
2.19-0ubuntu6.5 and current trunk glibc.

Don't know if it's exploitable, but it seems like it could easily be.

(I'll see if I can fix it in the mean time.)

Paul Pluzhnikov

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.