Summary: | SBLIM: Heap-based buffer overflow (CVE-2010-{1937,2054}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | trivial | CC: | ali_bush, java, jieryn |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://sourceforge.net/tracker/index.php?func=detail&aid=3001896&group_id=128809&atid=712784 | ||
Whiteboard: | ~2 [invalid] | ||
Package list: | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
CVE-2010-2054 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2054): Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information.

This does not affect the dev-java aspect of SBLIM, which is the sum total of what this package provides. Closing as invalid.

(In reply to comment #2)
> This does not affect the dev-java aspect of SBLIM, which is the sum total of
> what this package provides. Closing as invalid.

Refrain from closing bugs assigned to security@ please (or generally any bugs that are not assigned to you). Feel free to make a comment, and *we* will take care of the closing after double-checking things. In this case, we indeed don't have the software in portage. Adapting whiteboard.
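
An added example, not SFCB's code and not part of the original bug report: a Content-Length parser hardened against the class of flaw the CVE entry describes (a huge header value reaching an allocation when no limit is configured). The names `parse_content_length`, `alloc_body` and `HARD_CAP`, and the reading of a zero limit as "no configured cap", are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical hard ceiling used when the configured limit is 0, which is
 * assumed here to mean "no configured limit". */
#define HARD_CAP (16u * 1024u * 1024u)

/* Parse a Content-Length value. Returns 0 and stores the length on success,
 * -1 if the value is malformed, out of range, or above the effective limit. */
int parse_content_length(const char *value, unsigned long configured_max,
                         size_t *out)
{
    const char *p = value;
    char *end;
    unsigned long long n;
    unsigned long long limit = configured_max ? configured_max : HARD_CAP;

    while (*p == ' ' || *p == '\t')
        p++;
    if (!isdigit((unsigned char)*p))    /* rejects "", "-1", "+5", "abc" */
        return -1;
    errno = 0;
    n = strtoull(p, &end, 10);
    if (errno == ERANGE)                /* value does not fit in 64 bits */
        return -1;
    while (*end == ' ' || *end == '\t')
        end++;
    if (*end != '\0')                   /* trailing garbage such as "12abc" */
        return -1;
    if (n > limit || n >= SIZE_MAX)     /* n + 1 below must not wrap */
        return -1;
    *out = (size_t)n;
    return 0;
}

/* Allocate a zeroed body buffer with room for a terminating NUL, or return
 * NULL when the header value is rejected or allocation fails. */
char *alloc_body(const char *value, unsigned long configured_max, size_t *len)
{
    if (parse_content_length(value, configured_max, len) != 0)
        return NULL;
    return calloc(*len + 1, 1);
}
```

The zero-limit case falls back to a fixed ceiling instead of skipping the bounds check, and the `+ 1` in the allocation size is guarded before it is computed.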