oss-sec mailing list archives
Re: Re: CVE Request: jabberd remote information disclosure
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 17 Jun 2015 17:21:39 +0200
On Mon, 23 Feb 2015 16:16:38 -0500 (EST) cve-assign () mitre org wrote:
> If the data ends with an unterminated multi-byte UTF8 sequence then libidn may copy data past the buffer into the result.
>
> https://github.com/jabberd2/jabberd2/issues/85
>
> the stringprep functions from libidn require the input to be valid UTF8
>
> The libidn documentation claims "This function will not read or write to characters outside that size." about the length of the buffer that needs to be specified, but this is not true,
>
> Use CVE-2015-2059 for this libidn out-of-bounds read issue. Possibly it could be argued that this is a borderline case for a CVE. However, the documentation says "This function will not read or write to characters outside that size" rather than "If the input is valid UTF-8, then this function will not read or write to characters outside that size." If the input is not valid UTF-8, then the function is entitled to undefined behavior within the bounds of the buffer.
Old thread, but I thought worth mentioning. This was already found by Sam Varshavchik in 2013:
http://permalink.gmane.org/gmane.comp.gnu.libidn.general/462

As the CVE is already assigned I don't think this matters too much, but maybe MITRE wants to reference that.

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42