VULHUB ™

Libsafe is a freely available, open source software package distributed and maintained by Avaya Labs. It is designed to act as a prophylactic measure against buffer overflow and format string attacks on Linux systems. Under some circumstances, checks performed by the libsafe suite may be bypassed. This is due to the incorrect parsing of some format specifier types in Libsafe. C library format specifier "%2$n" is not correctly parsed by Libsafe, and can allow exploitation of format string vulnerabilities in which these specifiers are not correctly used. When a vulnerable specifier is used with two arguments, the first argument to the format string is checked, while the second is not.

Libsafe is a freely available, open source software package distributed and maintained by Avaya Labs. It is designed to act as a prophylactic measure against buffer overflow and format string attacks on Linux systems. Under some circumstances, checks performed by the libsafe suite may be bypassed. This is due to the incorrect parsing of some format specifier types in Libsafe. C library format specifier "%2$n" is not correctly parsed by Libsafe, and can allow exploitation of format string vulnerabilities in which these specifiers are not correctly used. When a vulnerable specifier is used with two arguments, the first argument to the format string is checked, while the second is not.