oss-sec mailing list archives
Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?
From: cve-assign () mitre org
Date: Mon, 21 Dec 2015 21:31:18 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://bugs.gentoo.org/show_bug.cgi?id=569010
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557
So in codeconv.c there is a function for japanese character set conversion called conv_jistoeuc(). There is no bounds checking on the output buffer, which is created on the stack with alloca().
http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82 conv_jistoeuc conv_euctojis conv_sjistoeuc
The original discoverer found a conv_jistoeuc issue, and then the vendor apparently also found conv_euctojis and conv_sjistoeuc issues. However, we don't see an indication that these issues arose in independent ways. (Also, there is no vendor statement that conv_euctojis or conv_sjistoeuc is exploitable.) It seems best to assign CVE-2015-8614 to the combination of the conv_jistoeuc, conv_euctojis, and conv_sjistoeuc issues.
This version also fixes two oob errors I reported, I don't think they're security risks
There are currently no CVE IDs for these: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3559 We think this might mean that there is a bug in code supporting the UI, triggerable with UI interaction and not triggerable with any untrusted input. http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3563 There isn't a statement of a security impact. If there is data loss in a realistic scenario, then a CVE ID can be assigned. For example, the user is in the middle of composition of a long outbound message and pauses to read a new inbound message containing a "List-Archive: <" line, and then there is a crash causing the entire composition to be irretrievably lost. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWeLVXAAoJEL54rhJi8gl5OKcP/2Wht3iy1rvLGBP1c49DfvMb elsgsowxPnNHDuY3eNbY7VuKvfK+LR4aLafK/puq/x9f8RW5RAN4iPEgYwuoZ36I 2Jlfr9phP4F/s3AElMlLlnw2a0VsK7q77qiQCpSIORSxettjaaSMe0ANnA0aIm9B zwQDjGtR+g/c6BHmCgNtWy/xtx31v76Cueu2h2kI6ChiXXD9ogpo/QsPJESyk8Cm B7fXXfgpj0fz/3naVobU4tnCoJe8fLrI1iwkyfpWIf8zk/JLX6SlbulK8RkwyJgM mxZAHlmNNyb3N2/DGO6vj5BXxoAuOaJ13FVIOlTngIcbdv6jijfcrZ4h9YP3V3h7 2bxp8kh/PL9us6XrlH5H70yFNXUvgHXK5VYEtd3uQZPE/Sn9e7YlAbOSriyvZSZ0 P85BSDFUZgTwvI/G/iP6moMeclpDJ85I853IGKiDMvamLK8/6X8x75zzZTqIJHIs pxZsrnbBDW+E9574KHuHtO5IohdNKpAVx2cP7ooVTvs4F//rxIGta0UUV+eW7Pxi XVHAi358cFE33C8ZDldJTygIkaZz3pRfoK0WYKKV0RrlpxOoRnLwDBZW4qeru+VM Cdcl/I627zbOcNu7gHE1HOX9CVzeDAFZxg6duqRsBHbECimJyI+hyVoAQGYj8Ard GvKWDNciI/GdMgvBe3hc =C4ff -----END PGP SIGNATURE-----
Current thread:
- mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? Kurt Seifried (Dec 21)
- Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? cve-assign (Dec 21)
- Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? Ben Hutchings (Dec 30)
- Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? cve-assign (Dec 31)
- Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? Ben Hutchings (Dec 30)
- Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? cve-assign (Dec 21)