BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Buffer overflows in multiple IMAP clients May 14 2003 06:49PM
Timo Sirainen (tss iki fi)
There's two common vulnerabilities in IMAP clients written with C and C++:

1. Handling huge literal sizes. Many clients do malloc(literal_size+1) and
then read the literal into it. Problem is that if literal_size is
UINT_MAX-1, the +1 overflows it into malloc(0) but server is still allowed
to write...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus