oss-sec mailing list archives
Re: heap overflow in procmail
From: cve-assign () mitre org
Date: Wed, 3 Sep 2014 23:52:29 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I noticed a heap overflow in procmail when parsing addresses with unbalanced quotes.
formisc.c
$ formail -s < mbox > /dev/null *** Error in `formail': free(): invalid next size
CVE-2014-3618 for this issue
The CVE team at MITRE agrees that CVE-2014-3618 can continue to be used for this formail issue. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUB+GEAAoJEKllVAevmvmsIo4IAMFI3Ya78DjKWrGZatHQL8jj fb0GdS5r9dKpuhU3Pyoj30YzEwJwCOF1mkIY9iCb/KPpVMdyDcxKWIf7bKe9kibe n+OfziWTn//W04yjCH02kEPRsyKQs46oQH1YUnV4Z32OKedGeeDhZPdQ5fj8VO0E m4OA657P45VhhiWPYY3xmVdGj8l7nnsl2ABTZRp6Ya7i9AC0SGIYA1au1exMkIHl daEwcLVGaU+BONAoZ6MUIhF6F07O3IxYJ0v6/079uTT9Bs3Ct3fjucpi45GMo90n hNewEWTGVjkn4rzTTWvyAiwdeFYyzii5CGseWQnDiP3qGWNdXQwGLLy8yFIF9/c= =1LSS -----END PGP SIGNATURE-----
Current thread:
- heap overflow in procmail Tavis Ormandy (Sep 03)
- Re: heap overflow in procmail Kurt Seifried (Sep 03)
- Re: heap overflow in procmail cve-assign (Sep 03)
- RE: heap overflow in procmail Christey, Steven M. (Sep 03)
- Re: heap overflow in procmail Michal Zalewski (Sep 03)
- Re: heap overflow in procmail Kurt Seifried (Sep 04)
- Re: heap overflow in procmail Kurt Seifried (Sep 04)
- Re: heap overflow in procmail Kurt Seifried (Sep 03)
- Re: heap overflow in procmail Rich Felker (Sep 03)
- Re: heap overflow in procmail Tavis Ormandy (Sep 03)
- Re: Re: heap overflow in procmail Rich Felker (Sep 04)
- Re: Re: heap overflow in procmail Tavis Ormandy (Sep 04)
- Re: heap overflow in procmail Tavis Ormandy (Sep 03)
- <Possible follow-ups>
- Re: heap overflow in procmail Jack Frosch (Sep 05)
- Re: Re: heap overflow in procmail Simon McVittie (Sep 05)