Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 890564 (CVE-2022-46449) - <media-sound/mpd-0.23.11: stack corruption via large input
Summary: <media-sound/mpd-0.23.11: stack corruption via large input
Status: RESOLVED INVALID
Alias: CVE-2022-46449
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://github.com/MusicPlayerDaemon/...
Whiteboard: B2 [glsa?]
Keywords:
Depends on: 890806 891205
Blocks:
  Show dependency tree
 
Reported: 2023-01-12 02:37 UTC by John Helmert III
Modified: 2023-01-25 20:31 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-12 02:37:45 UTC 
CVE-2022-46449:

An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Looks like fix is: https://github.com/MusicPlayerDaemon/MPD/commit/73b5d0a9b9ace89edcee30d9d83eb16c27c6f9b2

Please stabilize 0.23.11.
Comment 1 Larry the Git Cow gentoo-dev 2023-01-19 08:57:49 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8df3ad751d0ab041eedddc831d79577b4baa5bee

commit 8df3ad751d0ab041eedddc831d79577b4baa5bee
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-01-19 08:57:08 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-01-19 08:57:08 +0000

    media-sound/mpd: drop 0.23.9-r1, 0.23.10
    
    Bug: https://bugs.gentoo.org/890564
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 media-sound/mpd/Manifest             |   2 -
 media-sound/mpd/mpd-0.23.10.ebuild   | 289 ----------------------------------
 media-sound/mpd/mpd-0.23.9-r1.ebuild | 290 -----------------------------------
 3 files changed, 581 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-25 20:31:05 UTC 
Oops, this is actually Windows-specific according to the upstream commit.