oss-sec mailing list archives

Re: memory safety bugs in bc


From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Thu, 29 Nov 2018 11:40:54 -0500

On Thu 2018-11-29 10:18:18 +0100, Marcus Meissner wrote:

> Given Mitre's guidance on "dcraw", as this is a standalone tool
> and only denial of service attacks I do not see a need for CVEs.

On my Debian unstable system, I see 45 packages that depend on bc.

I haven't evaluated how many of those systems might pass untrusted input
to bc (maybe none!), but this is hardly "standalone".

Hanno, thanks for finding and reporting these problems!

     --dkg

