FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tin -- buffer overflow vulnerabilities

Affected packages
tin < 1.8.2
zh-tin < 1.8.2

Details

VuXML ID 19a92df1-548d-11db-8f1a-000a48049292
Discovery 2006-02-15
Entry 2006-10-05

Urs Janssen and Aleksey Salow report possible buffer overflows in tin versions 1.8.0 and 1.8.1.

OpenPKG project elaborates there is an allocation off-by-one bug in version 1.8.0 which can lead to a buffer overflow.

References

URL ftp://ftp.tin.org/pub/news/clients/tin/stable/CHANGES
URL http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.005-tin.html