[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]



On Mon, Jan 05, 2015 at 10:36:30AM -0500, Nick Mathewson wrote:
> On Mon, Jan 5, 2015 at 10:27 AM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
> 
> Incidentally, at least one programmer I respect tells me he's pretty
> sure that the heap overflow issue can't occur on modern systems in
> practice, and only the infinite-loop issue is relevant.  I'll let him
> explain his reasoning here if he wants to.  Personally, I prefer a
> "better safe than sorry" approach.
> 
> yrs,
> -- 
> Nick


Was that me?


***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.