oss-sec mailing list archives
Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba
From: cve-assign () mitre org
Date: Wed, 26 Nov 2014 02:38:50 -0500 (EST)
By using specially crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow.
Announce: http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
Upstream fix: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f715b9e156dfa99ae829fc694e5a0abd23ef97d7
Due to the unsigned integer this results in a pretty long value which won't fit anymore into the allocated buffer.
Use CVE-2014-9087.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE Request: buffer overflow in ksba_oid_to_str in Libksba Salvatore Bonaccorso (Nov 25)
- Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck (Nov 25)
- Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba cve-assign (Nov 25)
- Re: Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck (Nov 26)
- Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba cve-assign (Nov 26)
- Re: Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck (Nov 26)