[exim-dev] [Bug 2199] Exim use-after-free vulnerability whil…

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: admin
Data:  
Para: exim-dev
Assunto: [exim-dev] [Bug 2199] Exim use-after-free vulnerability while reading mail header
https://bugs.exim.org/show_bug.cgi?id=2199

Jeremy Harris <jgh146exb@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|nigel@???              |jgh146exb@???


--- Comment #12 from Jeremy Harris <jgh146exb@???> ---
Please test this possible fix:

     if (!store_extend(next->text, oldsize, header_size))
       {
+      BOOL release_ok = store_last_get[store_pool] == next->text;
       uschar *newtext = store_get(header_size);
       memcpy(newtext, next->text, ptr);
-      store_release(next->text);
+      if (release_ok) store_release(next->text);
       next->text = newtext;
       }



Also: you originally said "exploitable to RCE". Is that "Remote Code
Execution"?
If so, how?
What about "uaf" - what is that?

--
You are receiving this mail because:
You are on the CC list for the bug.