info@unhackable.org Phone: +877 547 3638

CVE-2014-5119 glibc __gconv_translit_find() exploit

Date: Mon, 25 Aug 2014 19:00:15 -0700 From: Tavis Ormandy To: fulldisclosure@…lists.org, oss-security@…ts.openwall.com Subject: CVE-2014-5119 glibc __gconv_translit_find() exploit List, back in July, I described CVE-2014-5119, a fiendish single-fixed-byte heap metadata overflow in the glibc internal routine __gconv_translit_find(). This is caused by the file extension being incorrectly appended to the transliteration module filename. The result is […]

Read More »