oss-sec mailing list archives
Re: CVE request: Digest::SHA double free when using load subroutine
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 15 Jan 2013 20:37:17 +0100
* Kurt Seifried:
I'm not clear, how would an attacker exploit this? They'd need to be able to specify the file that gets hashed, and the file would have to be not present and would thus trigger the crash? Are there any real world examples of an affected application? (web based?)
My hunch is that this is just a bug, not a security issue.
Current thread:
- CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso (Jan 15)
- Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried (Jan 15)
- Re: CVE request: Digest::SHA double free when using load subroutine Florian Weimer (Jan 15)
- Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried (Jan 15)
- Re: CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso (Jan 15)
- Re: CVE request: Digest::SHA double free when using load subroutine Mark Shelor (Jan 17)
- Re: CVE request: Digest::SHA double free when using load subroutine Florian Weimer (Jan 15)
- Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried (Jan 15)