oss-sec mailing list archives
Re: Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 27 Nov 2014 02:08:25 +0100
On Wed, 26 Nov 2014 02:38:50 -0500 (EST) cve-assign () mitre org wrote:
Due to the unsigned integer this results in a pretty long value which won't fit anymore into the allocated buffer.Use CVE-2014-9087.
Please note that this affects both libksba and gnupg (only version 2.1.0 and betas). They share the code, but it's in different products, I don't know if this means 2 CVEs should be assigned. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- CVE Request: buffer overflow in ksba_oid_to_str in Libksba Salvatore Bonaccorso (Nov 25)
- Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck (Nov 25)
- Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba cve-assign (Nov 25)
- Re: Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck (Nov 26)
- Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba cve-assign (Nov 26)
- Re: Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck (Nov 26)