Security Information / Security Advisories from late '97 and early '98 / Security Information -- libdb

Debian Security Advisory

libdb -- buffer overflow

Date Reported:

undated

Affected Packages:

libdb

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

Libdb includes version of snprintf() function with bound checking disabled.

From the libdb (1.85.4-4) changelog:

  * PORT/linux/Makefile: SECURITY FIX: don't build broken snprintf, which
    ignores the bounds check, making programs which just *happen* to use
    libdb vulnerable...

References:

• BugTraq mail list - July 1997 (0043)

Fixes: libdb 1.85.4-4 or later

Fixed in:

All - (in release 1.1) 1.85.4-4