[arch-security] [ASA-201602-7] libbsd: denial of service
Christian Rebischke
Chris.Rebischke at archlinux.org
Thu Feb 4 20:30:21 UTC 2016
Arch Linux Security Advisory ASA-201602-7
==========================================
Severity: Low
Date : 2016-02-04
CVE-ID : CVE-2016-2090
Package : libbsd
Type : denial of service
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package libbsd before version 0.8.2-1 is vulnerable to denial of
service due to a buffer overflow in the "fgetwln"-function.
Resolution
==========
Upgrade to 0.8.2-1.
# pacman -Syu "libbsd>=0.8.2-1"
The problem has been fixed upstream in version 0.8.2.
Workaround
==========
None.
Description
===========
- CVE-2016-2090 (buffer overflow)
libbsd 0.8.1 and earlier contains a buffer overflow in the function
fgetwln(). An "if" checks if it is necessary to reallocate memory in the
target buffer. However this check is off by one, therefore an out of bounds
write happens.
Impact
======
A local attacker might be able to crash the application.
References
==========
https://access.redhat.com/security/cve/CVE-2016-2090
https://bugs.freedesktop.org/show_bug.cgi?id=93881
http://article.gmane.org/gmane.comp.security.oss.general/18715
https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160204/125b0ffa/attachment.asc>
More information about the arch-security
mailing list