oss-sec mailing list archives
HT Editor 2.0.20 buffer overflows CVE-2012-5867
From: cve-assign () mitre org
Date: Wed, 14 Nov 2012 17:06:37 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We have assigned CVE-2012-5867 for the stack-based buffer overflows in the sys_common_canonicalize function in vfs.cc in HT Editor (aka hte): http://www.exploit-db.com/exploits/22683/ The disclosure says "To be honnest, it may be the only interest, as the binary is not SUID." We have not determined what realistic use cases lead to sys_common_canonicalize function calls, other than cases in which the user interactively enters a filename, or interactively selects a directory. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iQEcBAEBAgAGBQJQpBBMAAoJEGvefgSNfHMdg9wIAL2KgWGj5Vh4x59Ge9X7bT1d aPwDY8BK4cWMzbFuL1Mx8dtSFPgcaQ9Wsk7rp5GPSB/DWhNQq84ikhHWd/Lgmc3h /sD9jl3kB2isaynQreJ0a9oRT0AwTBtUAgyDYLywa7tv66z89UZ0ST4qT9lIkElB Z1aABhq+5FPa2JTbxgpPy+JQnxyIwpovpJkGRYp3lSt8WJNk0bNUNPbhz/BSOtjK EIAw2kypSWltFyM5B4WFkF3he0Manjk+A2DAfPJpWWgWeDBuixkqcBxewSQjGnZ+ EznmrUz/UprrurqZ8ERRyIeruP79GcFJWqLQWcomcbMuqctS9iiNayZ8Fbl4vu0= =SxaN -----END PGP SIGNATURE-----
Current thread:
- HT Editor 2.0.20 buffer overflows CVE-2012-5867 cve-assign (Nov 14)