oss-sec mailing list archives
Re: CVE request: libcdaudio
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 10 Nov 2008 10:20:41 -0500 (EST)
On Wed, 5 Nov 2008, Thomas Biege wrote:
Hello, we need a CVE-ID for a buffer overflow in libcdaudio. It is a remotely exploitable heap-based buffer overflow.
Out of curiosity, what makes it remote? Use CVE-2008-5030 - Steve ====================================================== Name: CVE-2008-5030 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5030 Reference: MLIST:[oss-security] 20081105 CVE request: libcdaudio Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/05/1 Reference: MLIST:[oss-security] 20081107 Re: CVE request: libcdaudio Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/07/1 Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442 Reference: BID:32122 Reference: URL:http://www.securityfocus.com/bid/32122 Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute arbitrary code via long CDDB data.
Current thread:
- CVE request: libcdaudio Thomas Biege (Nov 04)
- Re: CVE request: libcdaudio Tomas Hoger (Nov 07)
- Re: CVE request: libcdaudio Thomas Biege (Nov 11)
- Re: CVE request: libcdaudio Steven M. Christey (Nov 10)
- Re: CVE request: libcdaudio Tomas Hoger (Nov 11)
- Re: CVE request: libcdaudio Thomas Biege (Nov 11)
- Re: CVE request: libcdaudio Tomas Hoger (Nov 11)
- Re: CVE request: libcdaudio Tomas Hoger (Nov 07)