[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
On Mon, Jan 5, 2015 at 10:27 AM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
Incidentally, at least one programmer I respect tells me he's pretty
sure that the heap overflow issue can't occur on modern systems in
practice, and only the infinite-loop issue is relevant. I'll let him
explain his reasoning here if he wants to. Personally, I prefer a
"better safe than sorry" approach.
yrs,
--
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users in the body.