oss-sec mailing list archives
Re: CVE request: glibc: timezone integer overflow
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 07 Dec 2011 11:50:26 -0700
On 12/05/2011 03:14 AM, Matthias Weckbecker wrote:
Hi, looks like this has never got a CVE so far or at least I couldn't find one, http://dividead.wordpress.com/tag/heap-overflow/ http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html Could there possibly be a CVE assigned, please? Thanks in advance. Matthias
Ok it appears although this is difficult to exploit, it can be triggered potentially allowing a security boundary to be crossed in some situations. Please use CVE-2009-5029 for this glibc timezone integer overflow issue. -- -Kurt Seifried / Red Hat Security Response Team
Current thread:
- CVE request: glibc: timezone integer overflow Matthias Weckbecker (Dec 05)
- Re: CVE request: glibc: timezone integer overflow Kurt Seifried (Dec 07)