Date: Mon, 30 Mar 2015 11:57:53 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: DBD-Firebird: Buffer Overflow in dbdimp.c

> A buffer overflow has been fixed in DBD-Firebird, a DBI driver for
> Firebird RDBMS server, in version 1.19:
>
> https://metacpan.org/source/DAM/DBD-Firebird-1.19/Changes
> https://bugs.debian.org/780925
> https://bugs.debian.org/780925#3
>
> I found a buffer overflow in dbdimp.c. Error messages in dbdimp.c use
> sprintf to a fix-sized buffer that (quite likely in two cases) might be
> too small to hold the final result.

Presumably this means there were three cases found by Stefan Roas but
the third wasn't exploitable. CVE-2015-2788 is for:

- char err;
- sprintf(err, "String truncation (SQL_VARYING): attempted to bind %lu octets to column sized %lu"

- char err;
- sprintf(err, "String truncation (SQL_TEXT): attempted to bind %lu octets to column sized %lu"

For the third one:

- char err;
- sprintf(err, "You have not provided a value for non-nullable parameter #%d.", i);

"You have not provided a value for non-nullable parameter #-9223372036854775807.\0"
is 80 characters.

Also, the scope of this CVE ID does not include any unreported or
later-reported buffer overflows found and fixed by Damyan Ivanov,
e.g., ones in the
https://anonscm.debian.org/cgit/pkg-perl/packages/libdbd-firebird-perl.git/commit/?id=63ba70750f8be99765e09fe5d032042eeea19807
commit.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
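Added example (not part of the original message and not DBD-Firebird's code): a C program that uses snprintf(NULL, 0, ...) to measure how many bytes each of the three messages quoted above needs, and formats the first one with a bounded write. The 80-byte buffer size is an assumption taken from the character count in the message, and the macro and function names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: the page does not show the declared size of err; 80 is taken
 * from the character count given in the message. */
#define ERR_BUF_SIZE 80

/* Format strings as quoted in the message. */
#define FMT_VARYING "String truncation (SQL_VARYING): attempted to bind %lu octets to column sized %lu"
#define FMT_TEXT    "String truncation (SQL_TEXT): attempted to bind %lu octets to column sized %lu"
#define FMT_PARAM   "You have not provided a value for non-nullable parameter #%d."

/* Bytes each message needs, including the terminating NUL.
 * snprintf(NULL, 0, ...) writes nothing and returns the would-be length. */
size_t need_varying(unsigned long len, unsigned long col)
{
    return (size_t)snprintf(NULL, 0, FMT_VARYING, len, col) + 1;
}

size_t need_text(unsigned long len, unsigned long col)
{
    return (size_t)snprintf(NULL, 0, FMT_TEXT, len, col) + 1;
}

size_t need_param(int i)
{
    return (size_t)snprintf(NULL, 0, FMT_PARAM, i) + 1;
}

/* A bounded alternative to the sprintf call (hypothetical helper, not
 * necessarily the fix the project applied): never writes past buf[size-1].
 * Returns 1 if the whole message fit, 0 if it was truncated. */
int format_varying(char *buf, size_t size, unsigned long len, unsigned long col)
{
    int n = snprintf(buf, size, FMT_VARYING, len, col);
    return n >= 0 && (size_t)n < size;
}

int main(void)
{
    char err[ERR_BUF_SIZE];
    /* Constructed sample values, e.g. a 100-octet bind to a 10-octet column. */
    printf("SQL_VARYING needs %zu bytes\n", need_varying(100, 10));
    printf("SQL_TEXT    needs %zu bytes\n", need_text(100000, 1000));
    printf("parameter   needs %zu bytes at most\n", need_param(INT_MIN));
    if (!format_varying(err, sizeof err, 100, 10))
        printf("truncated to fit: \"%s\"\n", err);
    return 0;
}
```

The fixed text of the SQL_VARYING message is 75 characters, so under the 80-byte assumption the two numbers together may have at most four digits before the terminating NUL no longer fits.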