This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug stdio/17933] New: Stack overflow in swscanf

From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Fri, 06 Feb 2015 08:17:55 +0000
Subject: [Bug stdio/17933] New: Stack overflow in swscanf
Auto-submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=17933

            Bug ID: 17933
           Summary: Stack overflow in swscanf
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: stdio
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com

This is a placeholder bug for the second flaw in bug 16618.

>From cve-assign in <http://www.openwall.com/lists/oss-security/2015/02/04/1>:

â
Here, it seems that the goal of the policy is risk management for use
of alloca. This is security relevant for some applications that use
glibc, because it could (for example) allow a denial of service attack
that's intended to trigger a failed alloca. There was one intended
policy, and the the incorrect "__libc_use_alloca (newsize)" caused a
different (and weaker) policy to be enforced instead.

Use CVE-2015-1473 for this risk-management error.
â

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Follow-Ups:
- [Bug stdio/17933] Stack overflow in swscanf (CVE-2015-1473)
  - From: fweimer at redhat dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]