oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

mmsclient: CVE request

From: Stefan Behte <Stefan.Behte () gmx net>
Date: Thu, 10 Dec 2009 21:43:04 +0100
Hello,

Harald van Dijk reported a buffer overflow in mmsclient in client.c to
Gentoo security (https://bugs.gentoo.org/show_bug.cgi?id=263413):

Line 28: #define BUF_SIZE 102400
Line 470: char data[1024];
Line 551: len = read (s, data, BUF_SIZE) ;

In a different Gentoo bug about the issue
(http://bugs.gentoo.org/show_bug.cgi?id=284747), Florian Streibelt noticed:

the reason for all this is in client.c:

31  #define BUF_SIZE 102400
[...]
473   char                 data[1024];
[...]
575   len = read (s, data, BUF_SIZE) ;
[...]
586   len = read (s, data, BUF_SIZE) ;

There might lurk more overflows in the (non-maintained) code.
Can I get a CVE for the issue?

Thanks,

Stefan Behte
Previous By Date Next
Previous By Thread Next

Current thread: