605638 – sys-apps/ed: CVE-2017-5357: invalid free

Bug 605638 - sys-apps/ed: CVE-2017-5357: invalid free

Summary: sys-apps/ed: CVE-2017-5357: invalid free

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-01-14 06:42 UTC by Ian Zimmerman
Modified:	2017-01-14 12:33 UTC (History)
CC List:	0 users

See Also:	CVE-2017-5357
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ian Zimmerman 2017-01-14 06:42:33 UTC

According to the posting on oss-security:

ed 1.14.1 fixes an invalid free, reported here:
https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html

Reproducer:
echo -e "H\n?\{" | ed

Found with afl.


Reproducible: Always

Format For Printing
- XML
- Clone This Bug
- Clone In The Same Product
- Top of page