Date: Wed, 29 Jun 2016 09:13:12 +0200 From: Lucian Cojocar <lucian@...ocar.com> To: oss-security@...ts.openwall.com Subject: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution Hi all, u-clibc and uclibc-ng is used in several projects[4, 5]. As described here, an attacker that controls the length parameter of the `memset' can also control the value of the PC register. The issue is similar to CVE-2011-2702. A patch has been proposed for uclibc-ng. A denial of service proof of concept is available. Thanks, Lucian http://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed http://article.gmane.org/gmane.comp.lib.uclibc-ng/27 http://mailman.uclibc-ng.org/pipermail/devel/2016-May/000890.html https://www.uclibc.org/products.html http://www.uclibc-ng.org/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.