oss-sec mailing list archives
CVE Request: icu out of bounds access
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Fri, 09 Dec 2011 09:31:06 +0100
Hi, An of bounds access was reported in icu: http://bugs.icu-project.org/trac/ticket/8984 Unfortunately the chrome bug is private but the commit says "buffer overflow": http://codereview.chromium.org/8822005/patch/6001/7002 I suppose a negative len could end up in the strncpy at the end of the function causing a buffer overflow. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Current thread:
- CVE Request: icu out of bounds access Ludwig Nussel (Dec 09)
- Re: CVE Request: icu out of bounds access Kurt Seifried (Dec 09)