oss-sec mailing list archives
Re: CVE Request: Three integer overflows in glibc memory allocator
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 11 Sep 2013 14:47:05 -0600
On 09/11/2013 05:49 AM, Will Newton wrote:
> Hi,
>
> I recently discovered three integer overflow issues in the glibc
> memory allocator functions pvalloc, valloc and
> posix_memalign/memalign/aligned_alloc. These issues cause a large
> allocation size to wrap around and cause a wrong sized allocation and
> heap corruption. The issues are fixed in glibc mainline.
>
> The relevant glibc bugzilla entries are here:
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=15855
> https://sourceware.org/bugzilla/show_bug.cgi?id=15856
> https://sourceware.org/bugzilla/show_bug.cgi?id=15857
>
> Thanks,

CVE MERGE, same researcher, version and vuln type. Please use CVE-2013-4332 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
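A minimal illustration of the size wrap-around described in the quoted report, added here and not taken from glibc or from either poster: a size-padding step of the kind an aligned allocator performs, first unchecked and then with an overflow check. `PAGE_SZ`, `HDR_SZ` and both function names are assumptions chosen for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SZ ((size_t)4096)  /* assumed page size for the illustration */
#define HDR_SZ  ((size_t)32)    /* hypothetical per-chunk overhead */

/* Unchecked: round the request up to a whole page and add overhead.
   size_t arithmetic wraps modulo SIZE_MAX + 1, so a request close to
   SIZE_MAX yields a tiny internal size while the caller still believes
   it owns the huge size it asked for. */
static size_t padded_size_unchecked(size_t bytes)
{
    size_t rounded = (bytes + PAGE_SZ - 1) & ~(PAGE_SZ - 1);
    return rounded + HDR_SZ;
}

/* Checked: reject any request whose padded size cannot be represented.
   Returns 0 and stores the size in *out, or -1 with errno = ENOMEM. */
static int padded_size_checked(size_t bytes, size_t *out)
{
    if (bytes > SIZE_MAX - (PAGE_SZ - 1) - HDR_SZ) {
        errno = ENOMEM;
        return -1;
    }
    *out = ((bytes + PAGE_SZ - 1) & ~(PAGE_SZ - 1)) + HDR_SZ;
    return 0;
}

int main(void)
{
    /* Constructed inputs: two ordinary sizes and one near SIZE_MAX. */
    size_t req[] = { 100, PAGE_SZ, SIZE_MAX - 100 };

    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++) {
        size_t ok = 0;
        int rc = padded_size_checked(req[i], &ok);
        printf("request %zu: unchecked=%zu checked=%s\n", req[i],
               padded_size_unchecked(req[i]),
               rc == 0 ? "accepted" : "ENOMEM");
    }
    return 0;
}
```

The comparison in `padded_size_checked` is made before any addition, so the check itself cannot wrap.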