Red Hat Bugzilla – Bug 841112
__pmDecodeIDList lacks check against PDU size
Last modified: 2012-08-19 23:52:42 EDT
__pmDecodeIDList does not check that the incoming PDU actually contains room for numids elements. This looks like it could result in a client crash (read buffer overflow, not exploitable for code execution) when a server sends too few IDs.
Nathan requested assignment, thanks Nathan
Created attachment 600699 [details]
Resolve issues in decoding PCP namespace idlist PDUs
(In reply to comment #2)
> Created attachment 600699 [details]
> Resolve issues in decoding PCP namespace idlist PDUs
Looks good to me.
This issue has been addressed in pcp-3.6.5
This issue was addressed in Fedora and EPEL via the following security updates: