This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/13656] New: vfprintf nargs integer overflow
- From: "kees at outflux dot net" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Thu, 02 Feb 2012 20:52:43 +0000
- Subject: [Bug libc/13656] New: vfprintf nargs integer overflow
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=13656
Bug #: 13656
Summary: vfprintf nargs integer overflow
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: kees@outflux.net
Classification: Unclassified
The nargs value can overflow when doing allocations, and argument-based offsets
are not bounds-checked, allowing arbitrary memory writes via format strings,
bypassing _FORTIFY_SOURCE protections:
http://www.phrack.org/issues.html?issue=67&id=9
Patch in progress:
http://cygwin.com/ml/libc-alpha/2012-02/msg00016.html
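Added example, not part of the bug report and not glibc's code: a simplified C model of the two checks the report says are missing, an overflow-safe size computation for a per-argument table and a bounds check before an argument position is used as an index. It assumes the "argument-based offsets" are positional argument numbers (`%N$`); `union arg_slot` and every function name here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a per-argument record; NOT glibc's definition. */
union arg_slot { long long i; long double d; void *p; };

/* Weak form: the product silently wraps modulo SIZE_MAX + 1. */
static size_t table_bytes_unchecked(size_t nargs) {
    return nargs * sizeof(union arg_slot);
}

/* Hardened form: refuse any nargs whose table size cannot be represented. */
static int table_bytes_checked(size_t nargs, size_t *out) {
    if (nargs == 0 || nargs > SIZE_MAX / sizeof(union arg_slot))
        return -1;
    *out = nargs * sizeof(union arg_slot);
    return 0;
}

/* Parse the N of a "%N$" spec (s points just past '%'). Returns 0 and
   stores N, or -1 if N is absent, zero, or does not fit in size_t. */
static int parse_positional(const char *s, size_t *pos) {
    size_t n = 0;
    const char *p = s;
    for (; *p >= '0' && *p <= '9'; p++) {
        size_t d = (size_t)(*p - '0');
        if (n > (SIZE_MAX - d) / 10)
            return -1;               /* accumulating would overflow */
        n = n * 10 + d;
    }
    if (p == s || *p != '$' || n == 0)
        return -1;
    *pos = n;
    return 0;
}

/* A 1-based position may index the table only if it is within nargs. */
static int slot_in_bounds(size_t pos, size_t nargs) {
    return pos >= 1 && pos <= nargs;
}

int main(void) {
    size_t huge = SIZE_MAX / sizeof(union arg_slot) + 1, bytes = 0, pos = 0; /* constructed */
    printf("unchecked size for huge nargs: %zu\n", table_bytes_unchecked(huge));
    printf("checked result for huge nargs: %d\n", table_bytes_checked(huge, &bytes));
    if (parse_positional("7$d", &pos) == 0)
        printf("position %zu within 4 args: %d\n", pos, slot_in_bounds(pos, 4));
    return 0;
}
```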