OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

grip -- CDDB response multiple matches buffer overflow vulnerability

Affected packages
grip < 3.0.7p0

Details

VuXML ID bd003c68-9ae1-11d9-862b-00065bd5b0b6
Discovery 2003-11-02
Entry 2005-03-22

Joseph VanAndel reports that grip is vulnerability to a buffer overflow vulnerability when receiving more than 16 CDDB responses. This could lead to a crash in grip and potentially execution arbitrary code.

A workaround is to disable CDDB lookups.

References

Bugtraq ID 12770
CVE Name CAN-2005-0706
URL http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.