CVE reported for Cyrus 3.0.0 - 3.0.3
Bron Gondwana
brong at fastmailteam.com
Sun Sep 10 06:37:05 EDT 2017
Hi All,

I have obtained CVE-2017-14230 for the crasher in Cyrus up to
3.0.3 where:

    tag FIND "" "Other Users"

Would cause uninitialised memory to be written to a buffer which was
then interpreted as an unbounded C string. This bug is fixed in 3.0.4,
and we recommend everybody upgrade.

Regards,

Bron.
--
Bron Gondwana, CEO, FastMail Pty Ltd
brong at fastmailteam.com