Various buffer overruns in coverity scan

John Bailey rekkanoryo at rekkanoryo.org
Thu Oct 18 21:14:43 EDT 2012


On 10/18/2012 04:48 PM, Daniel Atallah wrote:
> I've noticed a couple buffer overruns, the most serious being CID
> 732103, which I believe can be triggered by a malicious user with a
> AIM direct connect session.
> 
> There are also some significant issues with the mxit prpl's http handling.
> 
> Would we get separate CVEs for these (and anything else), or come up
> with a general 2.10.7 CVE for this class of issues?

Are they the same root cause (i.e. insufficient bounds checking, unchecked
writing into a fixed-size buffer, or something of that sort), or are they
different?  If the causes are different, we should get a CVE for each cause.

John

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20121018/42bed30b/attachment.pgp>


More information about the security mailing list