oss-sec mailing list archives

Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)


From: Sam James <sam () gentoo org>
Date: Thu, 3 Nov 2022 20:32:33 +0000



On 3 Nov 2022, at 20:23, Sam James <sam () gentoo org> wrote:
[snip]

[2] https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057

I should add - the LTO warnings with GCC here (-Wfree-nonheap-object) are possibly
false positives, but Clang doesn't emit them IIRC and I think it's a valuable
resource to dig into.
