Date: Wed, 17 Jun 2015 17:21:39 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: Re: CVE Request: jabberd remote information disclosure

On Mon, 23 Feb 2015 16:16:38 -0500 (EST)
cve-assign@...re.org wrote:

> > If the data ends with an unterminated multi-byte UTF8
> > sequence then libidn may copy data past the buffer into the result.
>
> > https://github.com/jabberd2/jabberd2/issues/85
>
> > the stringprep functions from libidn require the input to be valid
> > UTF8
>
> > The libidn documentation claims "This function will not read or
> > write to characters outside that size." about the length of the
> > buffer that needs to be specified, but this is not true,
>
> Use CVE-2015-2059 for this libidn out-of-bounds read issue. Possibly
> it could be argued that this is a borderline case for a CVE. However,
> the documentation says "This function will not read or write to
> characters outside that size" rather than "If the input is valid
> UTF-8, then this function will not read or write to characters outside
> that size." If the input is not valid UTF-8, then the function is
> entitled to undefined behavior within the bounds of the buffer.

Old thread, but I thought worth mentioning. This was already found by
Sam Varshavchik in 2013:
http://permalink.gmane.org/gmane.comp.gnu.libidn.general/462

As the CVE is already assigned I don't think this matters too much, but
maybe MITRE wants to reference that.

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42