  1. Couchbase Server
  2. MB-16526

Untrusted value as argument [couchstore]

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 4.1.0
    • 4.0.0
    • view-engine
    • Security Level: Public
    • None
    • Untriaged
    • Unknown

    Description

      Couchstore reads the size of the header from a file on disk and then malloc()s a buffer of that size without performing any size or range checks. However, we do check the result of the malloc, so any totally crazy value should be caught.

      /couchstore/src/views/bin/couch_view_group_compactor.c
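
The pattern described above, with the range check placed before the allocation, as an added example that is not couchstore's code. The 4-byte big-endian length prefix, the 1 MiB cap, and the names `read_header_checked` and `make_sample` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_HEADER_SIZE (1u << 20) /* assumed 1 MiB cap, not couchstore's value */

/* Hypothetical format: 4-byte big-endian length, then that many header bytes.
 * Returns a malloc'd buffer (caller frees) or NULL if the length is rejected. */
unsigned char *read_header_checked(FILE *f, uint32_t *out_len)
{
    unsigned char raw[4];
    if (fread(raw, 1, sizeof raw, f) != sizeof raw)
        return NULL;
    uint32_t len = ((uint32_t)raw[0] << 24) | ((uint32_t)raw[1] << 16) |
                   ((uint32_t)raw[2] << 8) | (uint32_t)raw[3];
    /* Range check before allocating, rather than relying on malloc() failing. */
    if (len == 0 || len > MAX_HEADER_SIZE)
        return NULL;
    /* The claimed length must also fit in what the file actually holds. */
    long pos = ftell(f);
    if (pos < 0 || fseek(f, 0, SEEK_END) != 0)
        return NULL;
    long end = ftell(f);
    if (end < pos || fseek(f, pos, SEEK_SET) != 0 || (unsigned long)(end - pos) < len)
        return NULL;
    unsigned char *buf = malloc(len);
    if (buf == NULL || fread(buf, 1, len, f) != len) {
        free(buf);
        return NULL;
    }
    *out_len = len;
    return buf;
}

/* Constructed sample input: temp file claiming `claimed` bytes, holding `actual`. */
FILE *make_sample(uint32_t claimed, size_t actual)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    for (int shift = 24; shift >= 0; shift -= 8)
        fputc((int)((claimed >> shift) & 0xFF), f);
    for (size_t i = 0; i < actual; i++)
        fputc('h', f);
    rewind(f);
    return f;
}
```

A length that passes the cap but exceeds the bytes left in the file is rejected as well, so a moderately large bogus value cannot trigger an allocation that malloc() would happily satisfy.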


          People

            djp Don Pinto [X] (Inactive)