Debian Security Advisory

libdb -- buffer overflow

Date Reported:
undated
Affected Packages:
libdb
Vulnerable:
Yes
Security database references:
No other external database security references currently available.
More information:
Libdb includes a version of the snprintf() function with bounds checking disabled.

From the libdb (1.85.4-4) changelog:

  * PORT/linux/Makefile: SECURITY FIX: don't build broken snprintf, which
    ignores the bounds check, making programs which just *happen* to use
    libdb vulnerable...
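
A check for the defect described above, as an added example (not code from libdb or from this advisory). `broken_snprintf` is a hypothetical stand-in that accepts a size and ignores it; the constructed input is formatted into an oversized, canary-filled arena so that writes past the declared limit can be counted without corrupting memory.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ARENA  64    /* real size of the scratch buffer */
#define LIMIT  8     /* size the caller claims to snprintf */
#define CANARY 0x5A  /* fill byte used to detect stray writes */

/* Hypothetical stand-in for the defect: the size argument is ignored. */
static int broken_snprintf(char *str, size_t n, const char *fmt, ...)
{
    va_list ap;
    int ret;
    (void)n;                       /* bounds check dropped */
    va_start(ap, fmt);
    ret = vsprintf(str, fmt, ap);  /* unbounded write */
    va_end(ap);
    return ret;
}

/* Reference behaviour: defer to the C library's bounded vsnprintf. */
static int bounded_snprintf(char *str, size_t n, const char *fmt, ...)
{
    va_list ap;
    int ret;
    va_start(ap, fmt);
    ret = vsnprintf(str, n, fmt, ap);
    va_end(ap);
    return ret;
}

typedef int (*snprintf_fn)(char *, size_t, const char *, ...);

/* Count the bytes an implementation modifies beyond the first LIMIT bytes. */
static size_t bytes_past_limit(snprintf_fn fn)
{
    char arena[ARENA];
    size_t i, touched = 0;
    memset(arena, CANARY, sizeof arena);
    /* Constructed input: 28 characters plus NUL, far longer than LIMIT. */
    fn(arena, LIMIT, "%s", "constructed-input-0123456789");
    for (i = LIMIT; i < ARENA; i++)
        if ((unsigned char)arena[i] != CANARY)
            touched++;
    return touched;
}
```

Any snprintf implementation with the same signature can be passed to `bytes_past_limit`; a non-zero result means the size argument is not being honoured.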

References:

Fixes: libdb 1.85.4-4 or later

Fixed in:
All - (in release 1.1) 1.85.4-4