|
Message-ID: <20140606142703.GA9610@inutil.org> Date: Fri, 6 Jun 2014 16:27:03 +0200 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: possible miniupnpc buffer overflow On Wed, Apr 30, 2014 at 04:45:26PM +1000, Murray McAllister wrote: > Good morning, > > It was pointed out in > https://bugzilla.redhat.com/show_bug.cgi?id=1085618 that miniupnpc > version 1.9 fixes a possible buffer overflow: > > https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9 > > I am not familiar with the code but it may be just a crash, with an > invalid read here (on line 131): > > 129 /* parse header lines */ > 130 for(i = 0; i < endofheaders - 1; i++) { > 131 if(colon <= linestart && > header_buf[i]==':') > > Can a CVE be assigned if one has not been already? This seems to have fallen through the cracks. Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.