Bugzilla – Bug 922243
VUL-0: CVE-2011-5320: glibc,glibc.i686: glibc scanf implementation crashes with long string of zeros
Last modified: 2019-05-01 16:41:52 UTC
via Ubuntu tracker, originally from http://marc.info/?l=gimp-developer&m=129567990905823&w=2 (Nelson A. de Oliveira)

glibc scanf implementation crashes with long string of zeros

Reproducer:

    #include <stdio.h>

    int main() {
        int a;
        scanf("%i", &a);
        return 0;
    }

Expected output none; actual output:

    $ perl -e 'print "5"x21000000' | ./a.out
    Segmentation fault

Commits:
Fix: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0
Optimisation? https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0

Fixed in glibc, 2.15, meaning SLE 12 not affected.
Checked SLE 11 code, affected code is in.

References:
http://marc.info/?l=gimp-developer&m=129567990905823&w=2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5320
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-5320.html
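
An application-side counterpart to the reproducer above, added here as an example (it is not part of the bug report or of the glibc fix): rather than handing an unbounded digit string to scanf("%i"), it reads one length-capped line and parses it with strtol. The name read_int_bounded and the 32-byte cap MAX_FIELD are assumptions of this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap: room for any int in decimal, octal or hex, with sign/prefix. */
#define MAX_FIELD 32

/* Read one line from fp and parse it the way %i would (base auto-detected).
 * Returns 0 on success; -1 on EOF, empty or over-long line, trailing junk,
 * or a value outside the range of int. The buffer size is fixed, so the
 * amount of digit text handed to the parser never depends on input length. */
int read_int_bounded(FILE *fp, int *out)
{
    char buf[MAX_FIELD + 2];            /* field + '\n' + NUL */
    char *end;
    long v;
    size_t n;

    if (fgets(buf, sizeof buf, fp) == NULL)
        return -1;
    n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[--n] = '\0';                /* complete line: strip newline */
    } else if (n == sizeof buf - 1) {
        int c;                          /* line did not fit: drain, reject */
        while ((c = fgetc(fp)) != EOF && c != '\n')
            ;
        return -1;
    }
    if (n == 0)
        return -1;
    errno = 0;
    v = strtol(buf, &end, 0);           /* base 0: 10, 0x.., 0.. like %i */
    if (end == buf || *end != '\0' || errno == ERANGE ||
        v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

int main(void)
{
    int a;
    if (read_int_bounded(stdin, &a) != 0)
        return 1;                       /* rejected input */
    printf("%d\n", a);
    return 0;
}
```
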
same as bug https://www.suse.com/show_bug.cgi?id=920341 , but has a CVE now
bugbot adjusting priority
dup *** This bug has been marked as a duplicate of bug 916222 ***