oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: remote triggerable use-after-free in rpcbind

From: Steve Dickson <SteveD () redhat com>
Date: Thu, 17 Sep 2015 14:51:26 -0400


On 09/17/2015 12:20 PM, cve-assign () mitre org wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


http://www.spinics.net/lists/linux-nfs/msg53045.html
https://bugzilla.suse.com/show_bug.cgi?id=946204



frees the netbuf caller_addr and caller_addr.buf. However, it does not
clear xp_rtaddr, so xp_rtaddr.buf now refers to memory region A, which
is free.

... It will reuse the buffer inside xp_rtaddr


Use CVE-2015-7236.

Will there be a bz opened up? 

steved.
Previous By Date Next
Previous By Thread Next

Current thread: