17933 – (CVE-2015-1473) Stack overflow in swscanf (CVE-2015-1473)

Bug 17933 (CVE-2015-1473) - Stack overflow in swscanf (CVE-2015-1473)

Summary: Stack overflow in swscanf (CVE-2015-1473)

Status:	RESOLVED DUPLICATE of bug 16618

Alias:	CVE-2015-1473

Product:	glibc
Classification:	Unclassified
Component:	stdio (show other bugs)
Version:	2.21

Importance:	P2 normal
Target Milestone:	2.22
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-02-06 08:17 UTC by Florian Weimer
Modified:	2015-07-21 03:15 UTC (History)
CC List:	0 users

See Also:	https://bugs.gentoo.org/show_bug.cgi?id=552694
Host:
Target:
Build:
Last reconfirmed:

Flags:	fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Weimer 2015-02-06 08:17:55 UTC

This is a placeholder bug for the second flaw in bug 16618.

From cve-assign in <http://www.openwall.com/lists/oss-security/2015/02/04/1>:

“
Here, it seems that the goal of the policy is risk management for use
of alloca. This is security relevant for some applications that use
glibc, because it could (for example) allow a denial of service attack
that's intended to trigger a failed alloca. There was one intended
policy, and the the incorrect "__libc_use_alloca (newsize)" caused a
different (and weaker) policy to be enforced instead.

Use CVE-2015-1473 for this risk-management error.
”

Comment 1 Florian Weimer 2015-02-06 08:20:03 UTC

Fixed in 2.21, as part of commit 5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06.  Tracked in bug 16618, this is just a placeholder for the CVE-2015-1473 alias.

*** This bug has been marked as a duplicate of bug 16618 ***