oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request -- libvirt: virBitmapParse out-of-bounds read access

From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 29 Aug 2013 16:20:00 +0200
The virBitmapParse function was calling virBitmapIsSet() function that
requires the caller to check the bounds of the bitmap without checking
them. This resulted into crashes when parsing a bitmap string that was
exceeding the bounds used as argument.

Introduced by:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=0fc89098a68f0f6962de8be4fc03ddd960ffbf08

Upstream fix:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25

References:
https://bugzilla.redhat.com/show_bug.cgi?id=997367

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: