FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Buffer overflow in stdio

Affected packages
10.1 <= FreeBSD < 10.1_1

Details

VuXML ID 74ded00e-6007-11e6-a6c3-14dae9d210b8
Discovery 2014-12-10
Entry 2016-08-11

Problem Description:

A programming error in the standard I/O library's __sflush() function could erroneously adjust the buffered stream's internal state even when no write actually occurred in the case when write(2) system call returns an error.

Impact:

The accounting mismatch would accumulate, if the caller does not check for stream status and will eventually lead to a heap buffer overflow.

Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.

References

CVE Name CVE-2014-8611
FreeBSD Advisory SA-14:27.stdio