[exim-dev] [Bug 3000] OOB access in SPA authenticator, clien…

Top Pagina
Delete this message
Reply to this message
Auteur: admin--- via Exim-dev
Datum:  
Aan: exim-dev
Oude Onderwerpen: [exim-dev] [Bug 3000] New: (placeholder)
Onderwerp: [exim-dev] [Bug 3000] OOB access in SPA authenticator, client
https://bugs.exim.org/show_bug.cgi?id=3000

Jeremy Harris <jgh146exb@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
            Summary|(placeholder)               |OOB access in SPA
                   |                            |authenticator, client
           Priority|medium                      |high


--- Comment #1 from Jeremy Harris <jgh146exb@???> ---
ZDI-CAN-17515 (Trend Micro)

A large-enough domain given by a server can result in the buffer used by
the client code for building the challenge response to be overflowed.

Fix by checking all writss into the bufer.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/