Bug 1110254 - claws-mail: stack-based off-by-one in HTML parsing
Summary: claws-mail: stack-based off-by-one in HTML parsing
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1110255
Blocks:
Reported: 2014-06-17 10:05 UTC by Stefan Cornelius
Modified: 2019-09-29 13:18 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-07-18 08:28:45 UTC
Embargoed:



Description Stefan Cornelius 2014-06-17 10:05:57 UTC
There's a stack-based off-by-one in Claws Mail's HTML parsing.

NOTE: I've not investigated this properly and currently have no plans to do so. Depending on our stack layout and whether or not stack corruption mitigation is in place, this could be anything from no issue at all to possible code execution. My guess is that this is not really an issue for us, but then again it looks suspicious enough to get this fixed.

It looks like this got introduced with 3.10.0 and was fixed in 3.10.1. F20 ships 3.10.0, for F19 3.10.0 is only in updates-testing.

References:
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3201
http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=5f52f113ac9fd054f10752febbfac340c38cddbe

Comment 1 Stefan Cornelius 2014-06-17 10:07:15 UTC
Created claws-mail tracking bugs for this issue:

Affects: fedora-all [bug 1110255]

Comment 2 Andreas Bierfert 2014-06-20 14:44:26 UTC
Thanks for providing the patch!

Comment 3 Andreas Bierfert 2014-06-20 14:45:24 UTC
Oops, wrong bug...

