[ntp:security] [Bug 1208] New: decodenetnum with [ demands matching ] before null terminator

Dave Hart via the NTP Bugzilla bugzilla at ntp.org
Tue Jun 2 20:45:19 UTC 2009


http://bugs.ntp.org/1208

           Summary: decodenetnum with [ demands matching ] before null
                    terminator
           Product: ntp
           Version: 4.2.5
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: ntpd
        AssignedTo: hart at ntp.org
        ReportedBy: hart at ntp.org
                CC: security at ntp.org


decodenetnum() in libntp/decodenetnum.c can overrun its buffer if supplied a 
string beginning with a [ and lacking a ]

-- 
Dave Hart <hart at ntp.org>



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


More information about the security mailing list