Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: Digest::SHA double free when using load subroutine
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 15 Jan 2013 20:37:17 +0100

* Kurt Seifried:

I'm not clear, how would an attacker exploit this? They'd need to be
able to specify the file that gets hashed, and the file would have to
be not present and would thus trigger the crash? Are there any real
world examples of an affected application? (web based?)

My hunch is that this is just a bug, not a security issue.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]