oss-sec mailing list archives
CVE request: glibc: potential application crash due to overread in fnmatch
From: Florian Weimer <fweimer () redhat com>
Date: Thu, 26 Feb 2015 16:21:43 +0100
When processing certain malformed patterns, fnmatch can skip over the NUL byte terminating the pattern. This can potentially result in an application crash if fnmatch hits an unmapped page before encountering a NUL byte. Upstream bug report: https://sourceware.org/bugzilla/show_bug.cgi?id=18032 The fix is here: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185 It will go into glibc 2.22. -- Florian Weimer / Red Hat Product Security
Current thread:
- CVE request: glibc: potential application crash due to overread in fnmatch Florian Weimer (Feb 26)