Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.2
Affects Version/s: None
Component/s: None
Labels:
None

Confidence Status:
None

Backwards Compatibility:
Fully Compatible

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

Hello,

The format string argument to sprintf() at time64.c line 793 does not properly limit the amount of data the function can write, which allows the program to write outside the bounds of allocated memory. This behavior could corrupt data, crash the program, or lead to the execution of malicious code:

\bson\time64.c (release 2.0.1)
...
793    sprintf(result, TM64_ASCTIME_FORMAT,
794        wday_name[date->tm_wday],
795        mon_name[date->tm_mon],
...

Kind Regards,
Martin

Assignee:: Bernie Hackett
Reporter:: Martin Fischer
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Feb 10 2012 01:45:46 PM UTC
Updated:: Apr 30 2012 09:51:26 PM UTC
Resolved:: Feb 10 2012 09:49:08 PM UTC

Details

Description

Attachments

Forms

Activity

People

Dates