Описание
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libbsd | fixed | 0.8.2-1 | package | |
| libbsd | not-affected | wheezy | package | |
| libbsd | not-affected | squeeze | package |
Примечания
Not used anywhere in Debian according to codesearch.debian.net
https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
https://bugs.freedesktop.org/show_bug.cgi?id=93881
Fixed by: http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7 (0.8.2)
Introduced by: http://cgit.freedesktop.org/libbsd/commit/?id=a97ce513e031b29a47965b740be14fb9a84277fc (0.5.0)
EPSS
Связанные уязвимости
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
EPSS