konversation: out-of-bounds read on a heap-allocated array
Bug #1389296 reported by Jonathan Riddell
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
konversation (Ubuntu) | Fix Released | Undecided | Unassigned |
Lucid | Fix Released | Undecided | Unassigned |
Precise | Fix Released | Undecided | Unassigned |
Trusty | Fix Released | Undecided | Unassigned |
Utopic | Fix Released | Undecided | Unassigned |
Vivid | Fix Released | Undecided | Unassigned |
Bug Description
https:/
Konversation's Blowfish ECB encryption support assumes incoming blocks
to be the expected 12 bytes. The lack of a sanity-check for the actual
size can cause a denial of service (crash) and an information leak of
up to 11 bytes due to an out-of-bounds read on a heap-allocated array.
fix at
http://
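The missing size check described in the report, sketched as an added example; this is not Konversation's code and not the referenced fix. The function names, the 64-character alphabet and the bit layout are assumptions for illustration; only the 12-byte block size and the 11-byte maximum over-read come from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOCK_CHARS 12 /* encoded block size named in the report */
#define BLOCK_BYTES 8  /* Blowfish block size */

/* Assumed 64-character alphabet, for illustration only. */
static const char ALPHABET[] =
    "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

/* Bytes a decoder that always consumes whole 12-byte blocks would read
 * past the end of an input of length len: 0..11. */
size_t overread_bytes(size_t len) {
    return (BLOCK_CHARS - len % BLOCK_CHARS) % BLOCK_CHARS;
}

/* Decode 6 characters into one 32-bit word, 6 bits each, low bits first
 * (bits above 31 from the sixth character are discarded).
 * Returns -1 on a NUL or a character outside the alphabet. */
static int decode_word(const char *in, uint32_t *out) {
    uint32_t w = 0;
    for (int i = 0; i < 6; i++) {
        const char *p = in[i] ? strchr(ALPHABET, in[i]) : NULL;
        if (!p) return -1;
        w |= (uint32_t)(p - ALPHABET) << (6 * i);
    }
    *out = w;
    return 0;
}

/* Hardened decode: reject an empty input or a length that is not a
 * multiple of 12 before touching any block. Returns the number of
 * ciphertext bytes written to out, or -1 on malformed input. */
long decode_checked(const char *in, size_t len, uint8_t *out, size_t cap) {
    if (len == 0 || len % BLOCK_CHARS != 0) return -1;
    if (cap < len / BLOCK_CHARS * BLOCK_BYTES) return -1;
    size_t n = 0;
    for (size_t off = 0; off < len; off += BLOCK_CHARS) {
        uint32_t a, b;
        if (decode_word(in + off, &a) || decode_word(in + off + 6, &b))
            return -1;
        for (int i = 0; i < 4; i++) out[n++] = (uint8_t)(a >> (24 - 8 * i));
        for (int i = 0; i < 4; i++) out[n++] = (uint8_t)(b >> (24 - 8 * i));
    }
    return (long)n;
}
```

Without the length test at the top of `decode_checked`, a 13-byte input would make the second loop iteration read 11 bytes beyond the buffer, which is the worst case `overread_bytes` reports.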
Changed in konversation (Ubuntu Lucid): status: New → In Progress
Changed in konversation (Ubuntu Precise): status: New → In Progress
Changed in konversation (Ubuntu Trusty): status: New → In Progress
Changed in konversation (Ubuntu Utopic): status: New → In Progress
Changed in konversation (Ubuntu Vivid): status: New → Triaged
Changed in konversation (Ubuntu Lucid): status: In Progress → Fix Committed
Changed in konversation (Ubuntu Precise): status: In Progress → Fix Committed
Changed in konversation (Ubuntu Trusty): status: In Progress → Fix Committed
Changed in konversation (Ubuntu Utopic): status: In Progress → Fix Committed
vivid uploaded