[VIM] Possible third-party code dupes? (CVE-2014-4043/glibc and CVE-2014-1950/Xen)
Steven M. Christey
coley at mitre.org
Mon Oct 6 17:11:15 CDT 2014
All,

BID:68006 is ostensibly for a UAF in GNU glibc, CVE-2014-4043, but
mentions the xc_cpupool_getinfo() function whereas most sources focus on
posix_spawn_file_actions_addopen(), which doesn't follow the POSIX
specification in a way that could open applications to UAFs.

xc_cpupool_getinfo() is associated with CVE-2014-1950 in Xen, and is
called a UAF.

The researcher credits are different, though BID:68006 credits the same
people as for CVE-2014-4043.

Was Xen vulnerable to the same glibc issue (which would suggest a CVE
dupe)? Or is this a copy-and-paste issue in the BID?

- Steve