This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/18016] New: Signed size comparison in memcpy-ssse3.S (CVE-2011-2702)

From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Tue, 24 Feb 2015 15:51:31 +0000
Subject: [Bug libc/18016] New: Signed size comparison in memcpy-ssse3.S (CVE-2011-2702)
Auto-submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=18016

            Bug ID: 18016
           Summary: Signed size comparison in memcpy-ssse3.S
                    (CVE-2011-2702)
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
                CC: drepper.fsp at gmail dot com
             Flags: security+

CVE mapping is based on an archived copy of
http://www.nodefense.org/eglibc.txt.

The signed comparison in __memcpy_ssse3 means that an out-of-bounds reference
is used for the jump table, which allows code execution and ASLR bypass (due to
the relative addressing).

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Follow-Ups:
- [Bug libc/18016] Signed size comparison in memcpy-ssse3.S (CVE-2011-2702)
  - From: fweimer at redhat dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]