oss-sec mailing list archives
Re: Re: [CVE request] Array allocation fixes in libgfortran
From: Florian Weimer <fweimer () redhat com>
Date: Thu, 31 Jul 2014 11:34:24 +0200
On 07/24/2014 04:08 AM, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1several CVE-2002-0391-style integer overflows in array allocation in libgfortran https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721Use CVE-2014-5044.
Thanks. The fixes have been backported to GCC 4.8 and 4.9: https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01136.html https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01135.html
It seems fairly clear that there is only one CVE ID needed. However, can you clarify what definition of "CVE-2002-0391-style integer overflows" you were using? We think you might mean: - any integer overflow caused by multiplying the number of elements in an array by the size of a single element - this includes, but isn't limited to, cases where the array elements represent arguments
The first, combined with the fact that the overflowing calculation is used to compute byte sizes for memory allocation purposes.
-- Florian Weimer / Red Hat Product Security
Current thread:
- [CVE request] Array allocation fixes in libgfortran Florian Weimer (Jul 23)
- Re: [CVE request] Array allocation fixes in libgfortran cve-assign (Jul 23)
- Re: Re: [CVE request] Array allocation fixes in libgfortran Florian Weimer (Jul 31)
- Re: [CVE request] Array allocation fixes in libgfortran cve-assign (Jul 23)