CVE-2010-2947
Published: 24 August 2010
Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.
Priority
Status
Package | Release | Status |
---|---|---|
libhx Launchpad, Ubuntu, Debian |
upstream |
Released
(3.6)
|
dapper |
Does not exist
|
|
hardy |
Released
(1.10.2-2ubuntu0.1)
|
|
jaunty |
Released
(1.28-1ubuntu0.1)
|
|
karmic |
Released
(2.9-3ubuntu0.1)
|
|
lucid |
Released
(3.2-1ubuntu0.1)
|
|
Patches: upstream: http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdiff;h=904a46f90dd3f046bfac0b64a5e813d7cd4fca59 |
||
This vulnerability is mitigated in part by the use of GNU C Library heap protector in Ubuntu. |