Date: Mon, 24 Feb 2003 10:27:47 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Alexandr Kovalenko <never@nevermind.kiev.ua> Cc: freebsd-security@freebsd.org Subject: Re: Fwd: buffer overrun in zlib 1.1.4 Message-ID: <20030224162747.GB87372@madman.celabo.org> In-Reply-To: <20030224160844.GE82145@nevermind.kiev.ua> References: <20030224160844.GE82145@nevermind.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Feb 24, 2003 at 06:08:44PM +0200, Alexandr Kovalenko wrote: > ----- Forwarded message from Richard Kettlewell <rjk@greenend.org.uk> ----- > > Date: Sat, 22 Feb 2003 00:05:47 +0000 > From: Richard Kettlewell <rjk@greenend.org.uk> > X-Mailer: Norman > To: bugtraq@securityfocus.com > Subject: buffer overrun in zlib 1.1.4 > X-Mailer: VM 7.03 under 21.4 (patch 6) "Common Lisp" XEmacs Lucid > > zlib contains a function called gzprintf(). This is similar in > behaviour to fprintf() except that by default, this function will > smash the stack if called with arguments that expand to more than > Z_PRINTF_BUFSIZE (=4096 by default) bytes. Nothing in the base system uses gzprintf, AFAIK. If applications are found that use it (and do not check Z_PRINTF_BUFSIZE), then please let us know. When an official zlib patch or new version is available, we'll import it. Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030224162747.GB87372>