hashcash: CVE-2006-3251: buffer overflow

Debian Bug report logs - #376444
hashcash: CVE-2006-3251: buffer overflow

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Alec Berryman <alec@thened.net>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: hashcash: CVE-2006-3251: buffer overflow

Date: Sun, 02 Jul 2006 20:59:16 -0400

[Message part 1 (text/plain, inline)]

Package: hashcash
Version: 1.17-1
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2006-3251: "Heap-based buffer overflow in the array_push function in
hashcash.c for Hashcash before 1.22 might allow attackers to execute
arbitrary code via crafted entries."

The CVE is incorrect; the bug was fixed in 1.21 according to the
changelog.  This bug does not apply to the versions in testing or
unstable, and I am filing this report for the security team.  I will
followup to mark the 1.21-1 as fixed.

I have not found a sample exploit, but I have isolated the patch and
attached it.  It applies and compiles cleanly.  To create the patch
yourself, fetch 1.20 and 1.20 from http://hashcash.org/source/ and run
diff on hashcash.c (note the first change, not included in the attached
patch, is cosmetic).

Thanks,

Alec

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEqGvkAud/2YgchcQRAnA6AJ0f+bLovZIMKrlHMKE4dSis6fZlFQCg4HYt
9SKhWhJ7Dt+kYHMjkBPzrtY=
=5JEN
-----END PGP SIGNATURE-----

[CVE-2006-3251.diff (text/plain, attachment)]

Message #10 received at 376444-done@bugs.debian.org (full text, mbox, reply):

From: Alec Berryman <alec@thened.net>

To: 376444-done@bugs.debian.org

Subject: close fixed version

Date: Sun, 02 Jul 2006 21:45:35 -0400

[Message part 1 (text/plain, inline)]

Version: 1.21-1
thanks

This bug was meant for the security team; the current version in
testing/unstable is not affected.

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.