projects / collectd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4371ef7) | patch
network plugin: Fix heap overflow in parse_packet().
authorFlorian Forster <octo@collectd.org>
Tue, 19 Jul 2016 08:00:37 +0000 (10:00 +0200)
committerFlorian Forster <octo@collectd.org>
Thu, 21 Jul 2016 05:47:37 +0000 (07:47 +0200)
commitb589096f907052b3a4da2b9ccc9b0e2e888dfc18
tree441b0e22a176a0b8dac59875c17eb178e1f140f0tree | snapshot
parent4371ef7f98f6f51ea3df34d5e26e175d6b44a328commit | diff
network plugin: Fix heap overflow in parse_packet().

Emilien Gaspar has identified a heap overflow in parse_packet(), the
function used by the network plugin to parse incoming network packets.

This is a vulnerability in collectd, though the scope is not clear at
this point. At the very least specially crafted network packets can be
used to crash the daemon. We can't rule out a potential remote code
execution though.

Fixes: CVE-2016-6254
src/network.c diff | blob | history
collectd, the system statistics collection daemon