Full Disclosure mailing list archives
Re: mutt buffer overflow
From: "Frank Denis (Jedi/Sector One)" <j () pureftpd org>
Date: Thu, 18 Aug 2005 12:39:45 +0159
Peter, On Thu, Aug 18, 2005 at 02:57:33AM -0600, Peter Valchev wrote:
The problem is in the mutt attachment/encoding/decoding functions, specifically handler.c:mutt_decode_xbit() and the buffer bufi[BUFI_SIZE].
Can you reproduce this if you recompile libiconv/gettext/mutt?I reported that bug on Jul 12, but in fact it only happened with
libiconv/gettext compiled against an OpenBSD libc before the mb*() changes, but then running libc 38.2. An easier way to trigger this is ftp://ftp.00f.net/misc/mutt-crash-poc.mboxBut the mutt's code doesn't actually look wrong.
Best regards,-Frank.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- mutt buffer overflow Peter Valchev (Aug 18)
- Re: mutt buffer overflow Frank Denis (Jedi/Sector One) (Aug 18)