oss-sec mailing list archives

CVE Request: icu out of bounds access

From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Fri, 09 Dec 2011 09:31:06 +0100

Hi,

An of bounds access was reported in icu:
http://bugs.icu-project.org/trac/ticket/8984

Unfortunately the chrome bug is private but the commit says "buffer
overflow":
http://codereview.chromium.org/8822005/patch/6001/7002

I suppose a negative len could end up in the strncpy at the end of the
function causing a buffer overflow.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)

Current thread:

CVE Request: icu out of bounds access Ludwig Nussel (Dec 09)
- Re: CVE Request: icu out of bounds access Kurt Seifried (Dec 09)