git: 1bdede316d9c - main - security/vuxml: Add record for devel/libqb < 2.0.8 CVE-2023-39976
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 04 Nov 2024 19:03:47 UTC
The branch main has been updated by vvd: URL: https://cgit.FreeBSD.org/ports/commit/?id=1bdede316d9cf2b726ee433f32a64a6708a67b48 commit 1bdede316d9cf2b726ee433f32a64a6708a67b48 Author: Älven <alster@vinterdalen.se> AuthorDate: 2024-11-04 19:01:32 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2024-11-04 19:01:32 +0000 security/vuxml: Add record for devel/libqb < 2.0.8 CVE-2023-39976 log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. https://nvd.nist.gov/vuln/detail/CVE-2023-39976 PR: 282536 --- security/vuxml/vuln/2024.xml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index a429279ea8d2..8d6ab366760f 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,30 @@ + <vuln vid="ecf9a798-9aa9-11ef-a8f0-a8a15998b5cb"> + <topic>libqb -- Buffer overflow</topic> + <affects> + <package> + <name>libqb</name> + <range><lt>2.0.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cve@mitre.org reports:</p> + <blockquote cite="https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8"> + <p>log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via + long log messages because the header size is not considered.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-39976</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2023-39976</url> + </references> + <dates> + <discovery>2023-08-08</discovery> + <entry>2024-11-04</entry> + </dates> + </vuln> + <vuln vid="e17384ef-c5e8-4b5d-bb62-c13405e7f1f7"> <topic>chromium -- multiple security fixes</topic> <affects>