oss-sec mailing list archives

Re: CVE request: heap buffer overflow in glibc swscanf


From: Gsunde Orangen <gsunde.orangen () gmail com>
Date: Wed, 04 Feb 2015 00:17:05 +0100

Hi Paul, all,

test case also fails on 2.18 and 2.17, tested on openSUSE.
I assume this bug was introduced by the fix for
https://sourceware.org/bugzilla/show_bug.cgi?id=13138

Thus glibc 2.15ff are vulnerable.

Gsunde

On Sun, 1 Feb 2015 11:22:54 -0800, Paul Pluzhnikov wrote:
Greetings,

https://sourceware.org/bugzilla/show_bug.cgi?id=16618
is almost 1 year old, and still not fixed in glibc trunk.

I have verified that the test case from it fails with libc6
2.19-0ubuntu6.5 and current trunk glibc.

Don't know if it's exploitable, but it seems like it could easily be.

(I'll see if I can fix it in the meantime.)

Thanks,
--
Paul Pluzhnikov

