Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 24 Dec 2016 12:30:11 -0500
From: <cve-assign@...re.org>
To: <oss-security@...ts.openwall.com>
CC: <cve-assign@...re.org>
Subject: Re: Qt QXmlSimpleReader

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

In case anyone immediately needs to track QXmlSimpleReader behavior,
we're assigning an ID for one issue that seems best understood at this
point:

> I just found that (at least for a rebuild of the RHEL7 package of
> qt-4.8.5-12) it is possible to trigger a stack overflow by nesting many
> XML opening tags. Luckily, there doesn't appear to be a way to jump
> over the guard page to another thread's stack on RHEL7/x86_64, but
> that's platform specific.

Use CVE-2016-10040.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYXrAJAAoJEHb/MwWLVhi238YP+gIKi52EJvWROru80v6ROwz/
KkfY2zyKmbbp3EQ33yuzjtdO2UWHW99oYph+4adlYdpMo3szFHSrHc8zvsdsM1j6
xbZK3bj8IYp2jN+B8adKEnY3VgsmXJ2kqa6B+Fvs6fDBjSB0oJ5WBHSBATrv0vg5
zSHSVjf3I3aNEI7MFsGNWqY1T4QZmpUOx4td2ofAToxZqyYeHhcfxXM4kuhXrraL
Dve31NR0RtWELMLexx9c1GFTftkhzspoXeVachJOoxeaGxZfOnXAEf7+6z8mq3cV
ytRFhdncbLwuwAbxy34po7LXh0m5LbQJuBc3RUSntxIb3E6n52X4fpf9CYvQDavq
s4lPuMMo4OyQ7uEEsf20T2k4nAsme18QigKmGAIPDnwVIJp0HStjky5+HgkK/5by
bSttkBIyHNaYf9LTRVBZD/NWeoSkVhen6rqcKhd4JNy3DduoirRhp0rUN7QteW35
5tvvAXeyfxd7FWLBBFgE2VQeDm9StrobdEuFUL/SFimrN0e/UX9RHBU34b6D/XlJ
FaRj7eSwEtGl2lTZym27xuSIcQ08m4SU+paUcWxcIjcDgNI7f9oIAPLrcB7b6fNz
isuovpCpGIDROdc8MuBu0SAmz3wVipC9x0aQcoVE+VH18dJtaB+aoiEY57Eri5Fp
mIbe+axP5b0rPKySAXRx
=sy6o
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.