[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]

To: libevent-users@xxxxxxxxxxxxx
Subject: Re: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
From: Mark Ellzey <mthomas@xxxxxxxxxx>
Date: Mon, 5 Jan 2015 14:32:25 -0600
Delivered-to: archiver@xxxxxxxx
Delivered-to: libevent-users-outgoing@xxxxxxxx
Delivered-to: libevent-users@xxxxxxxx
Delivery-date: Mon, 05 Jan 2015 15:41:10 -0500
In-reply-to: <20150105203134.GB23321@xxxxxxxxxx>
References: <CAKDKvuxyj1Q0Na+YkiAhu-48p3Q8wcc=6xf1Lkrc9ueEAsdjtw@xxxxxxxxxxxxxx> <CAKDKvuzVbbj8YOJbFG+QRt3+dWSD2QfavbV7e007Fr4GqDkEdQ@xxxxxxxxxxxxxx> <20150105203134.GB23321@xxxxxxxxxx>
Reply-to: libevent-users@xxxxxxxxxxxxx
Sender: owner-libevent-users@xxxxxxxxxxxxx
User-agent: Mutt/1.5.21 (2010-09-15)

On Mon, Jan 05, 2015 at 02:31:34PM -0600, Mark Ellzey wrote:
> On Mon, Jan 05, 2015 at 10:36:30AM -0500, Nick Mathewson wrote:
> > On Mon, Jan 5, 2015 at 10:27 AM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
> > 
> > Incidentally, at least one programmer I respect tells me he's pretty
> > sure that the heap overflow issue can't occur on modern systems in
> > practice, and only the infinite-loop issue is relevant.  I'll let him
> > explain his reasoning here if he wants to.  Personally, I prefer a
> > "better safe than sorry" approach.
> > 
> > yrs,
> > -- 
> > Nick
> 
> 
> Was that me?
> 

Oops, not supposed to have gone to the list.

> 
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.

References:
- [Libevent-users] Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
  - From: Nick Mathewson
- [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
  - From: Nick Mathewson
- Re: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
  - From: Mark Ellzey

Prev by Author: Re: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
Next by Author: Re: [Libevent-users] Help with Libevent multi-threaded HTTP server
Previous by thread: Re: [Libevent-users] Re: Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]
Next by thread: [Libevent-users] [ANN] Libevent 2.1.5-beta is released
Index(es):
- Author
- Thread