* [glibc-2.20] CVE-2015-1472: wscanf allocates too little memory
@ 2015-01-01 0:00 Mike Frysinger
0 siblings, 0 replies; only message in thread
From: Mike Frysinger @ 2015-01-01 0:00 UTC (permalink / raw)
To: libc-stable
[-- Attachment #1: Type: text/plain, Size: 655 bytes --]
i've backported this to the 2.20 branch
-mike
commit 4d54424420c6300efbf57a7b9aa8635a8b8c1942
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date: Fri Feb 6 00:30:42 2015 -0500
CVE-2015-1472: wscanf allocates too little memory
BZ #16618
Under certain conditions wscanf can allocate too little memory for the
to-be-scanned arguments and overflow the allocated buffer. The
implementation now correctly computes the required buffer size when
using malloc.
A regression test was added to tst-sscanf.
(cherry picked from commit 5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06)
Conflicts:
ChangeLog
NEWS
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-02-17 7:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-01-01 0:00 [glibc-2.20] CVE-2015-1472: wscanf allocates too little memory Mike Frysinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).