oss-sec mailing list archives
Re: CVE Request: heap-based buffer overflow in libHX
From: Josh Bressers <bressers () redhat com>
Date: Fri, 20 Aug 2010 13:33:16 -0400 (EDT)
Please use CVE-2010-2947 Thanks. -- JB ----- "Thomas Biege" <thomas () suse de> wrote:
http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdiff;h=904a46f90dd3f046bfac0b64a5e813d7cd4fca59 string: fixed buffer overflow in HX_split when too few fields are present Jan Engelhardt [Mon, 16 Aug 2010 17:08:51 +0000 (19:08 +0200)] When HX_split is called with a maximum number of desired fields (4th argument != 0), passing in a string that has less fields than that led to a buffer overrun (write beyond end of malloc'd area). CVSS Base Score: 10 - Impact Subscore: 10 - Exploitability Subscore: 10 CVSS Temporal Score: 7.4 CVSS Environmental Score: Undefined Overall CVSS Score: 7.4 CVSS Base vector:: AV:N/AC:L/Au:N/C:C/I:C/A:C - AV: libHX may be used by network services - Au: some services may not require authentication - A: can cause crash when result is freed CVSS Temporal vectors:: RL:O/RC:C Affects all versions prior to, and including, 3.5. -- Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- CVE Request: heap-based buffer overflow in libHX Thomas Biege (Aug 20)
- Re: CVE Request: heap-based buffer overflow in libHX Josh Bressers (Aug 20)