oss-sec: Re: CVE request: Digest::SHA double free when using load subroutine

oss-sec mailing list archives

Re: CVE request: Digest::SHA double free when using load subroutine

From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 15 Jan 2013 20:37:17 +0100

* Kurt Seifried:

I'm not clear, how would an attacker exploit this? They'd need to be
able to specify the file that gets hashed, and the file would have to
be not present and would thus trigger the crash? Are there any real
world examples of an affected application? (web based?)


My hunch is that this is just a bug, not a security issue.

By Date By Thread

Current thread:

CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso (Jan 15)
- Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried (Jan 15)
  - Re: CVE request: Digest::SHA double free when using load subroutine Florian Weimer (Jan 15)
    - Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried (Jan 16)
    - Re: CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso (Jan 16)
    - Re: CVE request: Digest::SHA double free when using load subroutine Mark Shelor (Jan 17)