oss-sec mailing list archives
Re: Re: CVE request: heap buffer overflow in glibc swscanf
From: Daniel Micay <danielmicay () gmail com>
Date: Tue, 03 Feb 2015 22:34:14 -0500
Here, it seems that the goal of the policy is risk management for use of alloca. This is security relevant for some applications that use glibc, because it could (for example) allow a denial of service attack that's intended to trigger a failed alloca. There was one intended policy, and the incorrect "__libc_use_alloca (newsize)" caused a different (and weaker) policy to be enforced instead. Use CVE-2015-1473 for this risk-management error.
alloca isn't checked if -fstack-check isn't used, and most distributions don't use it. There's a good chance that a guard page will be hit but no guarantee without -fstack-check.
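An added illustration, not part of the original message and not glibc's code: how a size check fed the wrong quantity enforces a weaker stack-allocation policy than the one intended. It assumes the checked value is an element count rather than a byte size; the function names and the 65536-byte budget are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <wchar.h>

/* Hypothetical per-allocation stack budget in bytes (constructed value). */
#define STACK_ALLOC_MAX ((size_t)65536)

/* Hypothetical stand-in for an alloca risk check: nonzero if size fits the budget. */
static int fits_stack_budget(size_t size)
{
    return size <= STACK_ALLOC_MAX;
}

/* Weaker policy: the check sees the element count, not the byte size. */
int weak_policy(size_t count, size_t elem_size)
{
    (void)elem_size;
    return fits_stack_budget(count);
}

/* Intended policy: check the byte size, refusing the stack on overflow. */
int intended_policy(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;
    return fits_stack_budget(count * elem_size);
}

/* Bytes that would land on the stack under a policy; 0 means heap fallback. */
size_t stack_bytes(int (*policy)(size_t, size_t), size_t count, size_t elem_size)
{
    return policy(count, elem_size) ? count * elem_size : 0;
}

int main(void)
{
    size_t count = 60000;        /* constructed sample: within budget only as a count */
    size_t es = sizeof(wchar_t); /* platform dependent */
    printf("budget:   %zu bytes\n", STACK_ALLOC_MAX);
    printf("weak:     %zu bytes on stack\n", stack_bytes(weak_policy, count, es));
    printf("intended: %zu bytes on stack\n", stack_bytes(intended_policy, count, es));
    return 0;
}
```

With a 4-byte element the weak check admits a stack allocation several times the budget, which is the size class where the guard page is the only remaining backstop.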