bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27429: Stack clash (CVE-2017-1000366 etc)

From: Leo Famulari
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Mon, 19 Jun 2017 20:42:05 -0400
User-agent: Mutt/1.8.3 (2017-05-23) 
On Mon, Jun 19, 2017 at 07:05:10PM -0400, Leo Famulari wrote:
> I'm currently testing the patch for CVE-2017-1000369 in Exim:
> 
> https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
> 
> "To reach the start of the stack with the end of the heap (man brk), we
> permanently leak memory through multiple -p command-line arguments that
> are malloc()ated by Exim but never free()d (CVE-2017-1000369) -- we call
> such a malloc()ated chunk of heap memory a "memleak-chunk"."
> 
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Pushed as 4dd8d280857607d1ee41ae03c62c5e629ad75c37.

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]