Various buffer overruns in coverity scan
rekkanoryo at rekkanoryo.org
Thu Oct 18 21:14:43 EDT 2012
On 10/18/2012 04:48 PM, Daniel Atallah wrote:
> I've noticed a couple buffer overruns, the most serious being CID
> 732103, which I believe can be triggered by a malicious user with an
> AIM direct connect session.
> There are also some significant issues with the mxit prpl's http handling.
> Would we get separate CVEs for these (and anything else), or come up
> with a general 2.10.7 CVE for this class of issues?
Are they the same root cause (i.e. insufficient bounds checking, unchecked
writing into a fixed-size buffer, or something of that sort), or are they
different? If the causes are different, we should get a CVE for each cause.