oss-sec mailing list archives

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)


From: Jonathan Brossard <endrazine () gmail com>
Date: Tue, 27 Jan 2015 18:19:48 -0800

Dear Qualys team, dear list,

From GHOST.c :
...
  char name[10];
  memset(name, '0', len);
  name[len] = '\0';
...

I have been made aware offline that I have been working with an edited
version of GHOST.c : the original version has a name buffer of size
1024, which is indeed perfectly fine to copy 991 + 1 byte !

There is no stack overflow in the original GHOST.c code : my humble
apology for the noise :(

Best regards,

j-



Attachment: signature.asc
Description: OpenPGP digital signature

