On Tue, Jun 19, 2018 at 07:00:48PM +, Dyer, Edwin wrote:
> Just curious if there was any additional comment on this potential
> OOB? I may have missed it and if so, apologies for the ask.
The fix is in master, and should be part of the upcoming v2.18. See
commit 9d2e330b17 (ewah_read_mmap: bo
, June 14, 2018 7:00 PM
To: git@vger.kernel.org
Subject: security: potential out-of-bound read at ewah_io.c |ewah_read_mmap|
Hi folks,
Recently, I’ve found a security issue related to out-of-bound read at function
named `ewah_read_mmap`
Assume that, an attacker can put malicious `./git/index` into a
Jeff King writes:
> On Fri, Jun 15, 2018 at 06:59:43AM +0800, Luat Nguyen wrote:
>
>> Recently, I’ve found a security issue related to out-of-bound read at
>> function named `ewah_read_mmap`
>
> Thanks, this is definitely a bug worth addressing. But note...
>
>> Assume that, an attacker can put
On Fri, Jun 15, 2018 at 06:59:43AM +0800, Luat Nguyen wrote:
> Recently, I’ve found a security issue related to out-of-bound read at
> function named `ewah_read_mmap`
Thanks, this is definitely a bug worth addressing. But note...
> Assume that, an attacker can put malicious `./git/index` into a
Hi folks,
Recently, I’ve found a security issue related to out-of-bound read at function
named `ewah_read_mmap`
Assume that, an attacker can put malicious `./git/index` into a repo by somehow.
Since there is lack of check whether the remaining size of `ptr`is equal to
`buffer_size` or not.
So
5 matches
Mail list logo
