oss-sec mailing list archives

CVE request: Invalid pointer dereference in the GNOME librest library

From: Florian Weimer <fweimer () redhat com>
Date: Wed, 04 Mar 2015 11:55:06 +0100

The OAuth implementation in librest, a helper library for RESTful
services part of the GNOME project, incorrectly truncates the pointer
returned by the rest_proxy_call_get_url function call, leading to an
application crash, or worse.

Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644
Commit: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
See also: https://bugzilla.redhat.com/show_bug.cgi?id=1183982

The security impact was noted in 2015, although the bug was fixed in 2014.

-- 
Florian Weimer / Red Hat Product Security

Current thread:

CVE request: Invalid pointer dereference in the GNOME librest library Florian Weimer (Mar 04)
- Re: CVE request: Invalid pointer dereference in the GNOME librest library cve-assign (Mar 23)