Description
[REJECTED CVE] An out-of-bounds memory read was found in the function psf_strlcpy_crlf when running the libsndfile test suite with AddressSanitizer enabled.
Report
This CVE has been rejected upstream after analysis showed that the issue originated from a flawed test case, not from a real vulnerability. The test incorrectly passed sizeof(src), which is the size of a pointer rather than of the buffer it points to, causing false out-of-bounds warnings under AddressSanitizer. The test runs only during make check and has no impact on production. The vendor fixes also reflect the test's invalidity, confirming that no security risk exists. Refer to the announcement mail here: https://seclists.org/oss-sec/2015/q4/226. If you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libsndfile | Will not fix | | |
| Red Hat Enterprise Linux 7 | libsndfile | Will not fix | | |
Additional information
Status:
CVSS2: 4.3 Medium
Related vulnerabilities
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none