oss-sec mailing list archives
Re: CVE Request(s): libgcrypt
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 29 Dec 2014 21:46:42 +0100
* Joshua Rogers:
Double free of 'hd': http://lists.gnupg.org/pipermail/gcrypt-devel/2014-December/003300.html
The patch seems incorrect because the copy of the pointer in the caller is not updated when first free happens. The error can only happen on a path with an allocation failure, right?
off-by-one out-of-bounds read: http://lists.gnupg.org/pipermail/gcrypt-devel/2014-December/003299.html
This doesn't look like a security issue because the callers all use in-range values.
Current thread:
- CVE Request(s): libgcrypt Joshua Rogers (Dec 29)
- Re: CVE Request(s): libgcrypt Florian Weimer (Dec 29)
- Re: CVE Request(s): libgcrypt Joshua Rogers (Dec 29)
- Re: CVE Request(s): libgcrypt Florian Weimer (Dec 29)