Date: Tue, 3 Oct 2017 17:22:13 +0200
From: Salvatore Bonaccorso <>
Subject: Re: CVE Request: FreeBSD kernel, double-fetch bug in


On Tue, Oct 03, 2017 at 02:39:55PM +0000, Xu, Meng wrote:
> Hello,
> In function smb_strdupin() of file sys/netsmb/smb_subr.c,
> smb_strdupin() tried to roll a copyin() based strlen to allocate a buffer
> and then blindly copyin that size.  Of course, a malicious user program
> could simultaneously manipulate the buffer, resulting in a non-terminated
> string being copied.
> Bug report:
> Patch:
> Please help assign a CVE to it.

CVEs are no longer requested via the oss-security list. If you want
to request one, please have a look at

Once you have the CVE assigned, can you please loop back the
assignment in this thread?
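
The double-fetch pattern described in the quoted report, as an added user-space model that is not part of the original messages and is not FreeBSD's code or its patch. `model_copyin`, `race_hook`, `model_strdupin`, `run_case` and the sample buffer are constructed for illustration, and the check shown is one possible hardening, not necessarily the fix that was committed.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed test hook: models a second user thread that rewrites the
 * buffer in the window between the two fetches. */
static void (*race_hook)(char *ubuf);

/* Hypothetical stand-in for copyin(); the real one can also fail. */
static void model_copyin(const char *usrc, char *kdst, size_t len) {
    memcpy(kdst, usrc, len);
}

/* Fetch 1 measures the string, fetch 2 copies that many bytes. If check
 * is 0 the copy is trusted blindly, as in the reported pattern. */
static char *model_strdupin(char *ubuf, size_t maxlen, int check) {
    size_t len = 0;
    char c;
    do {                                    /* fetch 1: copyin-based strlen */
        model_copyin(ubuf + len, &c, 1);
        len++;
    } while (c != '\0' && len < maxlen);
    if (c != '\0') return NULL;             /* no terminator within maxlen */
    if (race_hook) race_hook(ubuf);         /* user memory changes here */
    char *k = malloc(len);
    if (k == NULL) return NULL;
    model_copyin(ubuf, k, len);             /* fetch 2 */
    /* Hardened path: validate the kernel copy, never the user buffer. */
    if (check && memchr(k, '\0', len) == NULL) {
        free(k);
        return NULL;
    }
    return k;
}

static void clobber_terminator(char *ubuf) { ubuf[strlen(ubuf)] = 'X'; }

/* Returns 1 when the duplicated string has no terminator in its allocation,
 * 0 when it is terminated, -1 when the copy was rejected. */
int run_case(int raced, int check) {
    char ubuf[16] = "share";                /* constructed "user" buffer */
    race_hook = raced ? clobber_terminator : NULL;
    char *k = model_strdupin(ubuf, sizeof(ubuf), check);
    if (k == NULL) return -1;
    int unterminated = memchr(k, '\0', 6) == NULL;  /* 6 = strlen("share") + 1 */
    free(k);
    return unterminated;
}
```
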

