Null pointer dereference vulnerability in 0.1.0-0.8.13

A patch to fix a null pointer dereference vulnerability in 0.1.0-0.8.13.
The patch is not required for versions 0.8.15+, 0.7.62+, 0.6.39+,
0.5.38+.

On Monday 26 October 2009 19:46:58 Igor S. wrote:

A patch to fix a null pointer dereference vulnerability in 0.1.0-0.8.13.
The patch is not required for versions 0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+.

Hello Igor,

Can you confirm that it’s related to this vulnerability?

http://www.securityfocus.com/bid/36839

Thanks!

On Fri, Oct 30, 2009 at 05:22:41PM +0100, Pior B. wrote:

On Monday 26 October 2009 19:46:58 Igor S. wrote:

A patch to fix a null pointer dereference vulnerability in 0.1.0-0.8.13.
The patch is not required for versions 0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+.

Hello Igor,

Can you confirm that it’s related to this vulnerability?

http://www.securityfocus.com/bid/36839

Yes. However, it’s not a buffer overflow as stated there.
The published exploit always causes only a null pointer dereference,
and you cannot execute arbitrary code as stated there.

On Friday 30 October 2009 17:32:48 Igor S. wrote:

http://www.securityfocus.com/bid/36839

Yes. However, it’s not a buffer overflow as stated there.
The published exploit always causes only a null pointer dereference,
and you cannot execute arbitrary code as stated there.

Thank you!