Message-ID: <833e90b2-db52-4939-b529-7d1ae411e867@thomas-ward.net>
Date: Wed, 26 Mar 2025 20:12:32 -0400
From: Thomas Ward <teward@...mas-ward.net>
To: oss-security@...ts.openwall.com,
 Alan Coopersmith <alan.coopersmith@...cle.com>
Subject: Re: atop: Heap corruption

Not sure if MITRE is on this list, but...

On 2025-03-26 19:56, Alan Coopersmith wrote:
> On 3/26/25 16:07, Solar Designer wrote:
>> Hi,
>>
>> This (or rather an earlier vague warning) made it to various tech news
>> sites today:
>>
>> https://rachelbythebay.com/w/2025/03/26/atop/
>
> CVE-2025-31160 appears to have been issued by Mitre to track this:
>
> https://www.cve.org/CVERecord?id=CVE-2025-31160
>
> but only listing the above blog and the ycombinator threads for details.
>
... this should include a link to 
https://github.com/Atoptool/atop/issues/330 which is a tracker for the 
issue in this CVE.  It looks like a munmap patch has been provided but 
it looks also that this may be one of multiple 'suspicious' commits on 
the radar (if you read the issue thread).


Thomas Ward, CISSP
