oss-sec mailing list archives
CVE Request: Three integer overflows in glibc memory allocator
From: Will Newton <will.newton () linaro org>
Date: Wed, 11 Sep 2013 12:49:04 +0100
Hi, I recently discovered three integer overflow issues in the glibc memory allocator functions pvalloc, valloc and posix_memalign/memalign/aligned_alloc. These issues cause a large allocation size to wrap around and cause a wrong sized allocation and heap corruption. The issues are fixed in glibc mainline. The relevant glibc bugzilla entries are here: https://sourceware.org/bugzilla/show_bug.cgi?id=15855 https://sourceware.org/bugzilla/show_bug.cgi?id=15856 https://sourceware.org/bugzilla/show_bug.cgi?id=15857 Thanks, -- Will Newton Toolchain Working Group, Linaro
Current thread:
- CVE Request: Three integer overflows in glibc memory allocator Will Newton (Sep 11)
- Re: CVE Request: Three integer overflows in glibc memory allocator Kurt Seifried (Sep 11)