FreeBSD : LZO -- potential buffer overrun when processing malicious input data (d1f5e12a-fd5a-11e3-a108-080027ef73ec)
Medium Nessus Plugin ID 76269
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file:
Fixed a potential integer overflow condition in the 'safe' decompressor variants which could result in a possible buffer overrun when processing maliciously crafted compressed input data.
As this issue only affects 32-bit systems and also can only happen if you use uncommonly huge buffer sizes where you have to decompress more than 16 MiB (2^24 bytes) compressed bytes within a single function call, the practical implications are limited.
Solution
Update the affected packages.