oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request(s): libgcrypt

From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 29 Dec 2014 21:46:42 +0100
* Joshua Rogers:


Double free of 'hd':
http://lists.gnupg.org/pipermail/gcrypt-devel/2014-December/003300.html


The patch seems incorrect because the copy of the pointer in the
caller is not updated when first free happens.

The error can only happen on a path with an allocation failure, right?


off-by-one out-of-bounds read:
http://lists.gnupg.org/pipermail/gcrypt-devel/2014-December/003299.html


This doesn't look like a security issue because the callers all use
in-range values.
Previous By Date Next
Previous By Thread Next

Current thread: