[Tinycc-devel] Fwd: CVE-2006-0635: Incorrect parsing of sizeof() may int
From: Romain Francoise
Subject: [Tinycc-devel] Fwd: CVE-2006-0635: Incorrect parsing of sizeof() may introduce integer overflows
Date: Sat, 11 Feb 2006 14:29:30 +0100
Hi,
I received the following bug report about TCC. At first glance, it
would seem that the return value of sizeof() is an int, when the
standard says that it should be a size_t, which is unsigned
(§6.5.3.4.4).
-------------------- Start of forwarded message --------------------
Subject: Bug#352202: CVE-2006-0635: Incorrect parsing of sizeof() may introduce
integer overflows
From: Moritz Muehlenhoff <address@hidden>
To: Debian Bug Tracking System <address@hidden>
Message-ID: <address@hidden>
Date: Fri, 10 Feb 2006 12:49:01 +0100
Package: tcc
Version: 0.9.23-2
Severity: grave
Tags: security
Justification: user security hole
"XFocus Security" discovered that tcc incorrectly evaluates certain sizeof()
expressions, which may lead to integer overflows. Please see
http://www.securityfocus.com/archive/1/archive/1/424257/100/0/threaded
for details.
This has been assigned CVE-2006-0635, please mention it in the changelog when
fixing it.
Cheers,
Moritz
-------------------- End of forwarded message --------------------
--
,''`.
: :' : Romain Francoise <address@hidden>
`. `' http://people.debian.org/~rfrancoise/
`-
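
Added example, not part of the original message or of TCC's code: a small C probe for the conformance point raised above, that the result of sizeof is an unsigned size_t, together with a length check whose outcome depends on that signedness. The function names, the 16-byte buffer type and the cast used to model an int-typed sizeof are assumptions for illustration; the expressions from the referenced report are not reproduced here.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical 16-byte buffer type used only for this illustration. */
typedef char buf_t[16];

/* Returns 1 when the result of sizeof has an unsigned type:
 * unsigned 1 - 2 wraps to a huge positive value, signed 1 - 2 is -1. */
int sizeof_is_unsigned(void)
{
    return (sizeof(char) - 2) > 0;
}

/* Returns 1 when the result of sizeof is as wide as size_t. */
int sizeof_has_size_t_width(void)
{
    return sizeof(sizeof(char)) == sizeof(size_t);
}

/* Length check as a conforming compiler evaluates it. The usual
 * arithmetic conversions turn len into size_t implicitly; the cast
 * spells that out. A negative len becomes huge and is rejected. */
int length_ok_conforming(int len)
{
    return (size_t)len < sizeof(buf_t);
}

/* The same check with sizeof modelled as a signed int (assumption:
 * the cast stands in for a compiler that types sizeof as int).
 * The comparison stays signed, so a negative len is accepted. */
int length_ok_int_model(int len)
{
    return len < (int)sizeof(buf_t);
}

int main(void)
{
    printf("sizeof result is unsigned:       %d\n", sizeof_is_unsigned());
    printf("sizeof result has size_t width:  %d\n", sizeof_has_size_t_width());
    printf("len=-1 accepted (size_t sizeof): %d\n", length_ok_conforming(-1));
    printf("len=-1 accepted (int sizeof):    %d\n", length_ok_int_model(-1));
    return 0;
}
```

Building the first two functions with the compiler under test and checking that both return 1 is a quick regression check for the typing of sizeof.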