[3.1] libbsd: Heap buffer overflow in fgetwln function (CVE-2016-2090)
libbsd 0.8.1 and earlier contains a buffer overflow in the function
fgetwln(). An if checks if it is necessary to reallocate memory in the
target buffer. However this check is off by one, therefore an out of
bounds write happens.
Fixed In Version:
libbsd 0.8.2
References:
http://seclists.org/oss-sec/2016/q1/234
https://bugs.freedesktop.org/show\_bug.cgi?id=93881
Patch:
http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7
(from redmine: issue id 6096, created on 2016-08-28, closed on 2016-09-28)
- Relations:
- parent #6092 (closed)
- Changesets:
- Revision 7a08dd03 on 2016-09-23T13:35:48Z:
main/libbsd: security fix (CVE-2016-2090). Fixes #6096
(cherry picked from commit 5a6e2e3bcdc5dabbe395f3177a90544dd2ee04a3)