[Secure-testing-team] Bug#862086: glibc: CVE-2017-8804: Memory leak after deserialization failure in xdr_bytes, xdr_string
Salvatore Bonaccorso
carnil at debian.org
Mon May 8 10:56:20 UTC 2017
Source: glibc
Version: 2.19-18
Severity: important
Tags: upstream security
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=21461
Hi,
the following vulnerability was published for glibc, opening the bug
to track the issue as well in the BTS.
CVE-2017-8804[0]:
| The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc
| or libc6) 2.25 mishandle failures of buffer deserialization, which
| allows remote attackers to cause a denial of service (virtual memory
| allocation, or memory consumption if an overcommit setting is not used)
| via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8804
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=21461
Regards,
Salvatore
More information about the Secure-testing-team
mailing list