oss-sec mailing list archives
Re: CVE Request: integer overflow in ALSA snd_compress_check_input
From: cve-assign () mitre org
Date: Tue, 28 Jun 2016 11:00:56 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
but there was no 2012 CVE assignment to the original fixing commit b35cc8225845 as far as I see: commit b35cc8225845112a616e3a2266d2fde5ab13d3ab Author: Dan Carpenter <dan.carpenter () oracle com> Date: Wed Sep 5 15:32:18 2012 +0300 ALSA: compress_core: integer overflow in snd_compr_allocate_buffer() These are 32 bit values that come from the user, we need to check for integer overflows or we could end up allocating a smaller buffer than expected.
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab
Use CVE-2012-6703. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXcpCGAAoJEHb/MwWLVhi2aMYP/j9JEZplRgptXAOO/yVII9Bd sUd/mJuGgc9HRMzppMPhu8GLjA0IIG1Ms0T3OL37ESBGOqKAMaWQO2E1WNl61igq QzrZGE6t8aYLoP4rESXWmSbZ2QQHxKpXfre48Uaek/Flc4sVMeCW0TfwZANv5CEB mdLLpDNDDpgUWDzAE27PG1+zSJoE+aI+HM72rKfRYTpSmzqcGbA7rxGB+/8whkVO yaUeIRrZ1Tn8m320+HEA7pfUF48cS5i5RCir99eViLhXlk1rTDDrHUYxhnD9cSi0 dR9JZNLfPNhJKjAe/NjqnsLVLk97wKGP0vKnSvm9TSt26DGeg99jEelc073/tGIR xEgcnSZ8enle+O6T1nJFykOKolujeqzzu2AApZTSTs4uofLPl0pnIptfaC+j4Vxv 0Myl38AzITonRBMVQprhcKg3A5AF+dMdZeRycwZauVTy4q6AgfHnLo0ahpDD515U T2a+2W8Yo3n8b/GDN8P4HGvo7rrVuyMyVyT53U0qgdz2Ls6qQX9Z0pAHINRJNujD BJivsm49vw9NnzDo0opxh9fiO3MLoT/4lot//c1NyBvEaJzrOAMic6MthYFaIGSI lTE796ibKjdk6v3G6YdQs5vug2HvFe4I8yYl1OPwF4Qb29DzkQ52rPT1GezD/nJA Avd/cqOXOsknyoDGR5k5 =J3ot -----END PGP SIGNATURE-----
Current thread:
- CVE Request: integer overflow in ALSA snd_compress_check_input Marcus Meissner (Jun 28)
- Re: CVE Request: integer overflow in ALSA snd_compress_check_input cve-assign (Jun 28)