oss-sec mailing list archives

Re: libgadu vulnerability: possible memory corruption


From: cve-assign () mitre org
Date: Mon, 19 May 2014 02:56:30 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A crafted message from the file relay server may cause memory to
be overwritten. The memory is not overwritten with data sent directly by the
server, but security implications cannot be ruled out.

The bug is public:
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html

Use CVE-2014-3775 for the issue as described in the 001180.html
message. It is possible that the 001171.html and 001180.html messages
are referring to exactly the same issue: in that case, there will be
only one CVE ID in total. (The messages are somewhat different -- for
example, 001180.html doesn't directly mention that exploitability is
unproven -- but this may be a wording difference and not anything
inherent about the code in 1.11.x versus 1.12 prereleases.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

