Security #5027
closed
smtp: GetLine function buffers data indefinitely if 0x0a was not found in the frag'd input
Affected Versions:
Label:
CVE:
Git IDs:
7d30fb152afdbbea81dfa601f239254da2b786e9
7f5115395fd918417e4914ab42143f2ee91e6e28
a63133a4b6ebe4dc83298f38de50e5c73efe82f0
17ed7836a3df38c343956d8ceefd0ac3f442a243
cb3e66d6e9dabd1178693088180427cddf28b3f2
Severity:
MODERATE
Disclosure Date:
Description
The code we tend to execute is
        ptmp = SCRealloc(state->ts_db, (state->ts_db_len + state->input_len));
        if (ptmp == NULL) {
            SCFree(state->ts_db);
            state->ts_db = NULL;
            state->ts_db_len = 0;
            return -1;
        }
        state->ts_db = ptmp;
        memcpy(state->ts_db + state->ts_db_len, state->input, state->input_len);
        state->ts_db_len += state->input_len;
    } /* else */
    state->input += state->input_len;
    state->input_len = 0;
indefinitely.
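An added example, not Suricata's code and not the staged fix: a minimal C model of the buffering pattern above, with a hypothetical `limit` parameter that caps how many bytes are held while waiting for 0x0a. The names `linebuf`, `lb_feed`, `lb_reset` and the return codes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reassembly buffer, modelled on the ts_db / ts_db_len pair. */
struct linebuf { uint8_t *db; size_t db_len; };
enum { LB_TOO_LONG = -2, LB_ERR = -1, LB_NEED_MORE = 0, LB_LINE = 1 };

static void lb_reset(struct linebuf *lb)
{
    free(lb->db);
    lb->db = NULL;
    lb->db_len = 0;
}

/* Feed one fragment. limit == 0 keeps the unbounded behaviour described in
 * the issue; limit > 0 caps the bytes held while waiting for 0x0a. */
static int lb_feed(struct linebuf *lb, const uint8_t *in, size_t in_len, size_t limit)
{
    if (in_len == 0) return LB_NEED_MORE;
    const uint8_t *lf = memchr(in, 0x0a, in_len);
    size_t take = lf ? (size_t)(lf - in) + 1 : in_len;
    /* Check before growing; written so the comparison cannot overflow. */
    if (limit != 0 && (lb->db_len > limit || take > limit - lb->db_len)) {
        lb_reset(lb);
        return LB_TOO_LONG; /* caller can raise an event and drop the line */
    }
    uint8_t *tmp = realloc(lb->db, lb->db_len + take);
    if (tmp == NULL) {
        lb_reset(lb);
        return LB_ERR;
    }
    memcpy(tmp + lb->db_len, in, take);
    lb->db = tmp;
    lb->db_len += take;
    return lf ? LB_LINE : LB_NEED_MORE;
}

int main(void)
{
    struct linebuf lb = {0};
    uint8_t frag[64];
    int rc = LB_NEED_MORE;
    memset(frag, 'A', sizeof frag); /* constructed input: no 0x0a anywhere */
    for (int i = 0; i < 100 && rc == LB_NEED_MORE; i++)
        rc = lb_feed(&lb, frag, sizeof frag, 256);
    printf("rc=%d buffered=%zu\n", rc, lb.db_len);
}
```

With `limit` set to 0 the same loop keeps growing the buffer on every fragment, which is the condition this issue reports.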
Updated by Shivani Bhardwaj almost 3 years ago
- Copied from Security #5023: smtp: GetLine function buffers data indefinitely if 0x0a was not found in the frag'd input added
Updated by Shivani Bhardwaj almost 3 years ago
- Priority changed from Normal to Urgent
Updated by Shivani Bhardwaj over 2 years ago
- Status changed from Assigned to In Review
Updated by Victor Julien over 2 years ago
- Status changed from In Review to Resolved
- Priority changed from Urgent to Normal
Fix staged.
Updated by Victor Julien over 2 years ago
- Tracker changed from Bug to Security
- Severity set to MODERATE
Updated by Shivani Bhardwaj over 2 years ago
- Status changed from Resolved to Closed
- Git IDs updated (diff)