oss-sec mailing list archives

Re: CVE request: glibc: timezone integer overflow

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 07 Dec 2011 11:50:26 -0700

On 12/05/2011 03:14 AM, Matthias Weckbecker wrote:

Hi,

looks like this has never got a CVE so far or at least I couldn't find one,

http://dividead.wordpress.com/tag/heap-overflow/
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
 
Could there possibly be a CVE assigned, please? Thanks in advance.

Matthias

Ok it appears although this is difficult to exploit, it can be triggered
potentially allowing a security boundary to be crossed in some
situations. Please use CVE-2009-5029 for this glibc timezone integer
overflow issue.

-- 

-Kurt Seifried / Red Hat Security Response Team

Current thread:

CVE request: glibc: timezone integer overflow Matthias Weckbecker (Dec 05)
- Re: CVE request: glibc: timezone integer overflow Kurt Seifried (Dec 07)