[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Assignment (gnustep)
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-05-07 18:42:38
Message-ID: 998299634.765771273257758457.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- "Dan Rosenberg" <dan.j.rosenberg@gmail.com> wrote:
> Note that there's a second bug in there - a potentially exploitable
> integer overflow leading to heap overflow when reading a file (or
> socket) with a very large number of lines, causing several malloc()
> calls to underallocate space. This should probably receive a second
> CVE.
>
> http://article.gmane.org/gmane.comp.lib.gnustep.bugs/12379
>
Ahh, I missed that one. I see it now, thanks.
Use CVE-2010-1620 for the integer overflow.
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic