An integer overflow flaw, leading to a heap-based buffer overflow, was found in glibc's _IO_wstr_overflow() function. If an application used this function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Upstream issue: https://sourceware.org/bugzilla/show_bug.cgi?id=17269

Upstream patch: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
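The flaw class named in the description, as an added example that is not glibc's code and is not taken from the upstream patch: when a wide-character buffer is grown, the element count multiplied by sizeof(wchar_t) can wrap, so malloc() receives a small size while the caller believes it has room for the full count. The growth policy and the names grow_count, unchecked_bytes, checked_bytes and grow_wbuf are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical growth policy for this example: double the buffer, add slack. */
static size_t grow_count(size_t old_count) { return 2 * old_count + 100; }

/* Unchecked: the byte count handed to malloc() can wrap around SIZE_MAX. */
size_t unchecked_bytes(size_t old_count)
{
    return grow_count(old_count) * sizeof(wchar_t);
}

/* Checked: returns 0 and sets *bytes only if neither arithmetic step wraps. */
int checked_bytes(size_t old_count, size_t *bytes)
{
    if (old_count > (SIZE_MAX - 100) / 2)        /* 2*n + 100 would wrap */
        return -1;
    size_t new_count = grow_count(old_count);
    if (new_count > SIZE_MAX / sizeof(wchar_t))  /* count * size would wrap */
        return -1;
    *bytes = new_count * sizeof(wchar_t);
    return 0;
}

/* Grow a wide-character buffer; on failure the old buffer is left untouched. */
wchar_t *grow_wbuf(wchar_t *old, size_t old_count, size_t *new_count)
{
    size_t bytes;
    if (checked_bytes(old_count, &bytes) != 0)
        return NULL;
    wchar_t *p = malloc(bytes);
    if (p == NULL)
        return NULL;
    if (old_count != 0)
        memcpy(p, old, old_count * sizeof(wchar_t));
    free(old);
    *new_count = bytes / sizeof(wchar_t);
    return p;
}

int main(void)
{
    size_t n = SIZE_MAX / (2 * sizeof(wchar_t)); /* constructed worst-case length */
    size_t bytes = 0;
    printf("elements wanted: %zu, unchecked malloc size: %zu, checked: %s\n",
           grow_count(n), unchecked_bytes(n),
           checked_bytes(n, &bytes) == 0 ? "accepted" : "rejected");
    return 0;
}
```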
Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1195763]
CVE request via: http://openwall.com/lists/oss-security/2015/09/08/2
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2015:2199 https://rhn.redhat.com/errata/RHSA-2015-2199.html
CVE assignment: http://seclists.org/oss-sec/2017/q1/437