[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]

To: libevent-users@xxxxxxxxxxxxx
Subject: Re: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
From: Mark Ellzey <mthomas@xxxxxxxxxx>
Date: Mon, 5 Jan 2015 14:31:34 -0600
Delivered-to: archiver@xxxxxxxx
Delivered-to: libevent-users-outgoing@xxxxxxxx
Delivered-to: libevent-users@xxxxxxxx
Delivery-date: Mon, 05 Jan 2015 15:41:08 -0500
In-reply-to: <CAKDKvuzVbbj8YOJbFG+QRt3+dWSD2QfavbV7e007Fr4GqDkEdQ@xxxxxxxxxxxxxx>
References: <CAKDKvuxyj1Q0Na+YkiAhu-48p3Q8wcc=6xf1Lkrc9ueEAsdjtw@xxxxxxxxxxxxxx> <CAKDKvuzVbbj8YOJbFG+QRt3+dWSD2QfavbV7e007Fr4GqDkEdQ@xxxxxxxxxxxxxx>
Reply-to: libevent-users@xxxxxxxxxxxxx
Sender: owner-libevent-users@xxxxxxxxxxxxx
User-agent: Mutt/1.5.21 (2010-09-15)

On Mon, Jan 05, 2015 at 10:36:30AM -0500, Nick Mathewson wrote:
> On Mon, Jan 5, 2015 at 10:27 AM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
> 
> Incidentally, at least one programmer I respect tells me he's pretty
> sure that the heap overflow issue can't occur on modern systems in
> practice, and only the infinite-loop issue is relevant.  I'll let him
> explain his reasoning here if he wants to.  Personally, I prefer a
> "better safe than sorry" approach.
> 
> yrs,
> -- 
> Nick


Was that me?


***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.

Follow-Ups:
- Re: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
  - From: Mark Ellzey

References:
- [Libevent-users] Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
  - From: Nick Mathewson
- [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
  - From: Nick Mathewson

Prev by Author: Re: [Libevent-users] Help with Libevent multi-threaded HTTP server
Next by Author: Re: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
Previous by thread: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
Next by thread: Re: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
Index(es):
- Author
- Thread