[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]



On Mon, Jan 5, 2015 at 10:27 AM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:

Incidentally, at least one programmer I respect tells me he's pretty
sure that the heap overflow issue can't occur on modern systems in
practice, and only the infinite-loop issue is relevant.  I'll let him
explain his reasoning here if he wants to.  Personally, I prefer a
"better safe than sorry" approach.

yrs,
-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.