oss-sec mailing list archives
CVE request for icinga 1 byte \0 overflows
From: Marcus Meissner <meissner () suse de>
Date: Thu, 13 Mar 2014 14:19:19 +0100
Hi, I am not sure whether this needs a CVE... The icinga team silently fixed some single byte \0 overflows. https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d (also the non public https://dev.icinga.org/issues/5663 is referenced by commit above) I think they all go via strcpy() into known sized stack buffers, so should be caught by FORTIFY_SOURCE. Probably still needs a CVE. Ciao, Marcus
Current thread:
- CVE request for icinga 1 byte \0 overflows Marcus Meissner (Mar 13)
- Re: CVE request for icinga 1 byte \0 overflows cve-assign (Mar 13)
- Re: Re: CVE request for icinga 1 byte \0 overflows Agostino Sarubbo (Mar 13)
- Re: CVE request for icinga 1 byte \0 overflows cve-assign (Mar 13)