oss-sec mailing list archives

Re: Re: [CVE request] Array allocation fixes in libgfortran


From: Florian Weimer <fweimer () redhat com>
Date: Thu, 31 Jul 2014 11:34:24 +0200

On 07/24/2014 04:08 AM, cve-assign () mitre org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> several CVE-2002-0391-style integer overflows in array allocation in
>> libgfortran
>>
>> https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721
>
> Use CVE-2014-5044.

Thanks.  The fixes have been backported to GCC 4.8 and 4.9:

https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01136.html
https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01135.html

> It seems fairly clear that there is only one CVE ID needed. However,
> can you clarify what definition of "CVE-2002-0391-style integer
> overflows" you were using? We think you might mean:
>
>    - any integer overflow caused by multiplying the number of elements
>      in an array by the size of a single element
>
>    - this includes, but isn't limited to, cases where the array
>      elements represent arguments

The first, combined with the fact that the overflowing calculation is used to compute byte sizes for memory allocation purposes.

--
Florian Weimer / Red Hat Product Security
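
The bug class the thread settles on (element count multiplied by element size overflowing while a byte size for allocation is computed), shown next to a checked form. This is an added example, not part of the original message and not the libgfortran fix; all function names are hypothetical. It generalizes from a single count to several array extents, as a multi-dimensional array would have.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Added illustration; helper names are hypothetical, not libgfortran's. */

/* The unchecked pattern: the product wraps modulo SIZE_MAX + 1. */
size_t unchecked_bytes(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Multiply a by b into *out; return -1 instead of wrapping. */
static int mul_checked(size_t a, size_t b, size_t *out)
{
    if (b != 0 && a > SIZE_MAX / b)
        return -1;
    *out = a * b;
    return 0;
}

/* Byte size of an array with `rank` extents of elem_size-byte elements.
   Returns 0 and stores the size, or -1 if the true product exceeds SIZE_MAX. */
int array_bytes(const size_t *extents, int rank, size_t elem_size, size_t *out)
{
    size_t total = elem_size;
    int i;
    /* A zero extent makes the array empty whatever the other extents are. */
    for (i = 0; i < rank; i++)
        if (extents[i] == 0) { *out = 0; return 0; }

    for (i = 0; i < rank; i++)
        if (mul_checked(total, extents[i], &total) != 0)
            return -1;
    *out = total;
    return 0;
}

/* Allocate the array, failing with ENOMEM rather than under-allocating. */
void *alloc_array(const size_t *extents, int rank, size_t elem_size)
{
    size_t bytes;
    if (array_bytes(extents, rank, elem_size, &bytes) != 0) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(bytes ? bytes : 1);
}
```

With a count of `SIZE_MAX / 8 + 2` and 8-byte elements, the unchecked product wraps to 8 bytes, while `array_bytes` reports the overflow and `alloc_array` returns NULL.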

