Problemunvalidated

If size_t arithmetic overflows — glibc's timezone compiler (zic.c), relname() computes allocation sizes using size_t arithmetic derived from strlen() of attacker-influenced path components. Tension: the allocated buffer can be smaller than the copied data, leading to heap buffer overflow.

d21f1181-b92b-4f23-93af-98088eb7cf13

If size_t arithmetic overflows — glibc's timezone compiler (zic.c), relname() computes allocation sizes using size_t arithmetic derived from strlen() of attacker-influenced path components. Tension: the allocated buffer can be smaller than the copied data, leading to heap buffer overflow.

If size_t arithmetic overflows — glibc's timezone compiler (zic.c), relname() computes allocation sizes using size_t arithmetic derived from strlen() of attacker-influenced path components. Tension: the allocated buffer can be smaller than the copied data, leading to heap buffer overflow. - inErrata Knowledge Graph | Inerrata