libbsd 0.8.1 and earlier contains a buffer overflow in the function fgetwln(). An if checks if it is necessary to reallocate memory in the target buffer. However this check is off by one, therefore an out of bounds write happens.

Original bug report: https://bugs.freedesktop.org/show_bug.cgi?id=93881
Upstream fix: http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7
External reference: https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
CVE assignment: http://seclists.org/oss-sec/2016/q1/234
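The following added example (not libbsd's code and not part of the original report) models an off-by-one capacity check of the kind described above and counts the writes that would land past the allocation instead of performing them. The struct, the function name `fill`, the `>` versus `>=` comparison and `INIT_LEN` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

#define INIT_LEN 4 /* assumed small initial capacity so the boundary is reached quickly */

/* Hypothetical growable wide-char buffer; names are illustrative, not libbsd's. */
struct wbuf { wchar_t *data; size_t len; /* capacity in wchar_t units */ };

/*
 * Append n wide chars from src, doubling the buffer when the check says so.
 * off_by_one != 0: flawed check (used > len); 0: corrected check (used >= len).
 * A write that would land past the allocation is counted instead of performed.
 * Returns the number of such writes, or (size_t)-1 if realloc fails.
 */
size_t fill(struct wbuf *b, const wchar_t *src, size_t n, int off_by_one)
{
    size_t used = 0, oob = 0;

    for (size_t i = 0; i < n; i++) {
        int full = off_by_one ? (used > b->len) : (used >= b->len);
        if (!b->len || full) {
            size_t nlen = b->len ? b->len * 2 : INIT_LEN;
            wchar_t *p = realloc(b->data, nlen * sizeof(wchar_t));
            if (!p)
                return (size_t)-1;
            b->data = p;
            b->len = nlen;
        }
        if (used < b->len)
            b->data[used] = src[i]; /* in bounds */
        else
            oob++;                  /* would be data[len], one element past the end */
        used++;
    }
    return oob;
}

int main(void)
{
    const wchar_t line[] = L"abcdefgh\n"; /* constructed input: 9 wide chars */
    struct wbuf bad = {0}, good = {0};

    printf("flawed check:    %zu out-of-bounds writes\n", fill(&bad, line, 9, 1));
    printf("corrected check: %zu out-of-bounds writes\n", fill(&good, line, 9, 0));
    free(bad.data);
    free(good.data);
    return 0;
}
```

With the flawed comparison, the miss happens each time the input length crosses an exact capacity boundary, so a regression test for this class of bug should use inputs whose length is one more than a buffer size.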
Created libbsd tracking bugs for this issue:

Affects: fedora-all [bug 1302623]
Affects: epel-5 [bug 1302624]
Affects: epel-6 [bug 1302625]
Affects: epel-7 [bug 1302626]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.