[jira] [Updated] (TS-3353) traffic_via memory bug.

Bin (JIRA) Fri, 30 Jan 2015 15:25:15 -0800

     [ 
https://issues.apache.org/jira/browse/TS-3353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Bin updated TS-3353:
--------------------
    Attachment: traffic_via_memory_overwrite_bug_1.diff

> traffic_via memory bug.
> -----------------------
>
>                 Key: TS-3353
>                 URL: https://issues.apache.org/jira/browse/TS-3353
>             Project: Traffic Server
>          Issue Type: Bug
>            Reporter: Bin
>         Attachments: traffic_via_memory_overwrite_bug.diff, 
> traffic_via_memory_overwrite_bug_1.diff
>
>
> A memory overwriting bug was found in traffic_via which can potentially lead 
> to remote code execution. In function decodeViaHeader in file traffic_via.cc, 
> a call to strcat can potentially overwrite outside the bounds on the heap. 
> For example, if the via header string is "abcde", the strcat concatenates a 
> byte to the end and can corrupt the adjacent byte.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (TS-3353) traffic_via memory bug.

Reply via email to