A boundary condition error in BNC that is potentially a vulnerability has been discovered and corrected. The overflow occurs in the procedure sbuf_getmsg(). Prior to version 2.8.9, BNC attempted to support "backspace" byte values found in the raw network data by using a pointer decrement to "erase" the previous byte of the destination buffer in a copy loop. This was done without a check to ensure that the destination pointer remained within the boundaries of the destination buffer. This created a potential buffer overflow condition that can be triggered remotely by untrusted data; the data would most likely come from an IRC server. The overflow occurs in the BSS region; exploitability has not been confirmed.
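As an added illustration of the pattern the advisory describes (a constructed example, not BNC's own sbuf_getmsg() code), the following shows a copy loop whose backspace handling decrements the destination pointer without a lower-bound check, next to a version that keeps the pointer inside the buffer at both ends. The function names, buffer sizes and sample inputs are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed example of the backspace-handling pattern described in the
 * advisory; it is not BNC's sbuf_getmsg(). A backspace byte (0x08) in the
 * input "erases" the previously copied byte by stepping the destination
 * pointer back one position. */

#define BACKSPACE 0x08

/* Pattern as described for versions before 2.8.9: the pointer is decremented on
 * a backspace with no check that it is still at or after the start of dst. An
 * input that begins with a backspace moves p before dst[0], and the next write
 * (here the terminator) lands outside the buffer. */
size_t copy_with_backspace_unchecked(char *dst, size_t dstlen,
                                     const char *src, size_t srclen)
{
    char *p = dst;
    for (size_t i = 0; i < srclen && (size_t)(p - dst) < dstlen - 1; i++) {
        if (src[i] == BACKSPACE) {
            p--;                 /* defect: no lower-bound check */
            continue;
        }
        *p++ = src[i];
    }
    *p = '\0';
    return (size_t)(p - dst);
}

/* Hardened form: the pointer never moves before dst and never writes at or
 * past dst + dstlen - 1, so the terminator always fits. */
size_t copy_with_backspace_checked(char *dst, size_t dstlen,
                                   const char *src, size_t srclen)
{
    if (dstlen == 0)
        return 0;
    char *p = dst;
    char *end = dst + dstlen - 1; /* last slot is reserved for '\0' */
    for (size_t i = 0; i < srclen; i++) {
        if (src[i] == BACKSPACE) {
            if (p > dst)         /* erase only if there is something to erase */
                p--;
            continue;
        }
        if (p >= end)            /* refuse to write past the buffer end */
            break;
        *p++ = src[i];
    }
    *p = '\0';
    return (size_t)(p - dst);
}

/* Constructed scenarios; each returns 1 when the hardened copy behaves as
 * expected. */

/* Input that starts with backspaces: the unchecked loop would underflow here. */
int check_leading_backspaces(void)
{
    char buf[8];
    size_t n = copy_with_backspace_checked(buf, sizeof buf, "\b\babc", 5);
    return n == 3 && strcmp(buf, "abc") == 0;
}

/* Ordinary erase of the preceding byte. */
int check_erase_middle(void)
{
    char buf[8];
    size_t n = copy_with_backspace_checked(buf, sizeof buf, "abcd\be", 6);
    return n == 4 && strcmp(buf, "abce") == 0;
}

/* Input longer than the destination: the copy stops and stays terminated. */
int check_truncation(void)
{
    char buf[4];
    size_t n = copy_with_backspace_checked(buf, sizeof buf, "abcdefghij", 10);
    return n == 3 && strcmp(buf, "abc") == 0;
}

/* On benign input both versions agree, which is why the defect went unnoticed. */
int check_unchecked_benign(void)
{
    char buf[8];
    size_t n = copy_with_backspace_unchecked(buf, sizeof buf, "ab\bc", 4);
    return n == 2 && strcmp(buf, "ac") == 0;
}

int main(void)
{
    printf("leading backspaces: %d\n", check_leading_backspaces());
    printf("erase middle:       %d\n", check_erase_middle());
    printf("truncation:         %d\n", check_truncation());
    printf("benign unchecked:   %d\n", check_unchecked_benign());
    return 0;
}
```

The fix is the single `if (p > dst)` guard: the erase becomes a no-op when there is nothing before the pointer, so untrusted data can no longer steer writes to addresses below the buffer, and the explicit `end` check keeps the upper boundary under control as well.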