Date: Thu, 3 Nov 2022 20:32:33 +0000
From: Sam James <sam@...too.org>
To: oss-security@...ts.openwall.com
Cc: nic.tuv@...il.com, Hanno Böck <hanno@...too.org>
Subject: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)

> On 3 Nov 2022, at 20:23, Sam James <sam@...too.org> wrote:
>
> [snip]
> https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057

I should add - the LTO warnings with GCC here (-Wfree-nonheap-object) are possibly false positives, but Clang doesn't emit them IIRC and I think it's a valuable resource to dig into.

Download attachment "signature.asc" of type "application/pgp-signature" (359 bytes)