| Summary: |
<net-libs/gsoap-2.8.50: Stack-based buffer overflow when receieving XML message with size larger than 2GB |
| Product: |
Gentoo Security
|
Reporter: |
Agostino Sarubbo <ago> |
| Component: |
Vulnerabilities | Assignee: |
Gentoo Security <security> |
| Status: |
RESOLVED
FIXED
|
|
|
| Severity: |
minor
|
CC: |
patrick, polynomial-c
|
| Priority: |
Normal
|
Flags: |
stable-bot:
sanity-check+
|
| Version: |
unspecified | |
|
| Hardware: |
All | |
|
| OS: |
Linux | |
|
| URL: |
https://bugzilla.redhat.com/show_bug.cgi?id=1472807
|
| Whiteboard: |
B3 [noglsa cve] |
|
Package list:
|
=net-libs/gsoap-2.8.51
|
Runtime testing required:
|
---
|
|---|
From ${URL} : A buffer overflow can cause an open unsecured server to crash after 2GB (greater than 2147483711 bytes to trigger the software bug)) XML message is received. Fortunately, the overflowing data after 2GB is cleaned up in the buffer which means that the chances of exploiting this flaw (by injecting code) is significantly reduced in gSOAP versions affected. References: https://www.genivia.com/advisory.html @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.