Re: A heap-buffer-overflow in another () at cmds.c:202

bug-inetutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A heap-buffer-overflow in another () at cmds.c:202

From:	Erik Auerswald
Subject:	Re: A heap-buffer-overflow in another () at cmds.c:202
Date:	Sun, 25 Sep 2022 14:47:35 +0200

Hi,

On Sat, Dec 25, 2021 at 12:49:46PM +0800, ZFeiXQ wrote:
> ## Description
> 
> A heap-buffer-overflow in another () at cmds.c:202, The vulnerability causes 
> a abort fault and application crash.
> 
> **version**
> 
> ```
> ./ftp--version
> 
> 
> ftp (GNU inetutils) 2.2
> [...]

Thanks for reporting this bug.  I have fixed this crash with git commit
9dd2ccb8de204e2333b7ffab90ded9f2178d64d8
<https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9dd2ccb8de204e2333b7ffab90ded9f2178d64d8>.

Kind regards,
Erik

[Prev in Thread]

Current Thread

[Next in Thread]

Re: A heap-buffer-overflow in another () at cmds.c:202, Erik Auerswald <=

Prev by Date: Re: [bug #61722] Untrusted Pointer Dereference in domacro() at inetutils/ftp/domacro.c:186
Next by Date: Re: fixing the ftp crashes found via fuzzer (was: Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.)
Previous by thread: Re: [bug #61722] Untrusted Pointer Dereference in domacro() at inetutils/ftp/domacro.c:186
Next by thread: [PATCH] ifconfig hurd: Notify pfinet of interfaces
Index(es):
- Date
- Thread