This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug stdio/16617] printf stack overflow with many format specs (CVE-2012-3406)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 16 Dec 2014 04:35:42 +0000
- Subject: [Bug stdio/16617] printf stack overflow with many format specs (CVE-2012-3406)
- Auto-submitted: auto-generated
- References: <bug-16617-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=16617
--- Comment #7 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, release/2.20/master has been updated
via a3a1f4163c4d0f9a36056c8640661a88674ae8a2 (commit)
from d73ac1bb436cf1adb62335f53b4fc91a02f40a3b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a3a1f4163c4d0f9a36056c8640661a88674ae8a2
commit a3a1f4163c4d0f9a36056c8640661a88674ae8a2
Author: Jeff Law <law@redhat.com>
Date: Mon Dec 15 10:09:32 2014 +0100
CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]
A larger number of format specifiers coudld cause a stack overflow,
potentially allowing to bypass _FORTIFY_SOURCE format string
protection.
(cherry picked from commit a5357b7ce2a2982c5778435704bcdb55ce3667a0)
(cherry picked from commit ae61fc7b33d9d99d2763c16de8275227dc9748ba)
Conflicts:
NEWS
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 9 ++++++
NEWS | 4 ++-
stdio-common/Makefile | 2 +-
stdio-common/bug23-2.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++
stdio-common/bug23-3.c | 50 +++++++++++++++++++++++++++++++++
stdio-common/bug23-4.c | 31 +++++++++++++++++++++
stdio-common/vfprintf.c | 40 +++++++++++++++++++++++++-
7 files changed, 202 insertions(+), 4 deletions(-)
create mode 100644 stdio-common/bug23-2.c
create mode 100644 stdio-common/bug23-3.c
create mode 100644 stdio-common/bug23-4.c
--
You are receiving this mail because:
You are on the CC list for the bug.