|
Message-ID: <CANu=DmiJPziPFDCBojv=29UPnc=N+LpRWtVNSda8izMYBjir0A@mail.gmail.com> Date: Wed, 11 Sep 2013 12:49:04 +0100 From: Will Newton <will.newton@...aro.org> To: oss-security@...ts.openwall.com Subject: CVE Request: Three integer overflows in glibc memory allocator Hi, I recently discovered three integer overflow issues in the glibc memory allocator functions pvalloc, valloc and posix_memalign/memalign/aligned_alloc. These issues cause a large allocation size to wrap around and cause a wrong sized allocation and heap corruption. The issues are fixed in glibc mainline. The relevant glibc bugzilla entries are here: https://sourceware.org/bugzilla/show_bug.cgi?id=15855 https://sourceware.org/bugzilla/show_bug.cgi?id=15856 https://sourceware.org/bugzilla/show_bug.cgi?id=15857 Thanks, -- Will Newton Toolchain Working Group, Linaro
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.