oss-sec mailing list archives

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

From: Yves-Alexis Perez <corsac () debian org>
Date: Thu, 29 Jan 2015 08:04:58 +0100

On mer., 2015-01-28 at 22:20 -0800, Paul Pluzhnikov wrote:

If I was supposed to cry alarm, I would have to cry alarm every time
there is a buffer overflow in glibc, which doesn't seem very useful.


Actually, a quick git log --grep "buffer over" in glibc git doesn't
reveal that much of them (although in case of CVE-2015-0235 the upstream
commit message wasn't even talking of a buffer overflow).

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235), (continued)
- - - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala (Jan 28)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 28)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 28)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala (Jan 28)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 28)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 29)
    - Please REJECT CVE-2012-6686 Florian Weimer (Feb 24)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 28)
  - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Raphael Geissert (Jan 28)
  - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 28)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Yves-Alexis Perez (Jan 28)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Sven Kieske (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kees Cook (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Alexander Cherepanov (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 30)
    - R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)

(Thread continues...)