oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [CVE request] Array allocation fixes in libgfortran

From: cve-assign () mitre org
Date: Wed, 23 Jul 2014 22:08:33 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


several CVE-2002-0391-style integer overflows in array allocation in
libgfortran

https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721


Use CVE-2014-5044.

It seems fairly clear that there is only one CVE ID needed. However,
can you clarify what definition of "CVE-2002-0391-style integer
overflows" you were using? We think you might mean:

  - any integer overflow caused by multiplying the number of elements
    in an array by the size of a single element

  - this includes, but isn't limited to, cases where the array
    elements represent arguments

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJT0GoDAAoJEKllVAevmvmsFnAH/0NvbICQOkjYCUuhVPkptG1H
EHsDkC8Ll+H8vAB9uBBFY5bFPLKNLiVZv7E8Y51X4MqiugwVRgJ4mHxd88LgnI+A
1gsQbW3GR2uphO7MxHFGDNiwAsht0KONUTI+dGvi8gOBiQeLDWWxM5uxoqjc4EwP
5kCa/Vo+d+l6UvSbk2KNqqcWapfVIgDpPGqkFADDQ+UfUfFAOaRj6xV1siBjxgDE
ONJbFQIlrXBPWXDnDC5uKycrpdTQGojHuhK+7mLejOHMIc7oT/Fvt3IOMrNn4EVE
/frwqAit/n2WkeU52poljl/w6d56Bx2+i33pJy98zYKaOi+eve3AmnisVGhFgoI=
=1dP4
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: