FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Buffer overflow in stdio

Affected packages
10.1 <= FreeBSD < 10.1_1


VuXML ID: 74ded00e-6007-11e6-a6c3-14dae9d210b8
Discovery: 2014-12-10
Entry: 2016-08-11

Problem Description:

A programming error in the standard I/O library's __sflush() function could erroneously adjust the buffered stream's internal state even when no write actually occurred, in the case where the write(2) system call returns an error.

If the caller does not check the stream status, the accounting mismatch accumulates and eventually leads to a heap buffer overflow.

Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.
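
The accounting mismatch described above, shown on a toy model. This is an added example, not FreeBSD's stdio code or the advisory's patch: the struct, the function names, the 8-byte buffer and the always-failing write stand-in are all assumptions made for illustration. Stores past the end of the buffer are only counted, never performed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 8
/* Toy stream (hypothetical, not FreeBSD's FILE). Invariant: pos + room == BUF_SIZE. */
struct toy_stream {
    unsigned char buf[BUF_SIZE];
    size_t pos;   /* bytes currently buffered */
    size_t room;  /* free bytes the writer believes remain */
    int err;      /* sticky error flag, analogous to ferror() */
};

/* Constructed stand-in for a write(2) call that always returns an error. */
static long failing_write(const unsigned char *p, size_t n) { (void)p; (void)n; return -1; }

/* Flawed flush: resets the free-space counter before knowing the write's outcome. */
static int flush_flawed(struct toy_stream *s) {
    s->room = BUF_SIZE;                                   /* state adjusted up front */
    if (failing_write(s->buf, s->pos) < 0) { s->err = 1; return -1; } /* data still buffered */
    s->pos = 0;
    return 0;
}

/* Corrected flush: pos and room change only by the bytes that really left. */
static int flush_fixed(struct toy_stream *s) {
    long t = failing_write(s->buf, s->pos);
    if (t < 0) { s->err = 1; return -1; }
    memmove(s->buf, s->buf + t, s->pos - (size_t)t);
    s->pos -= (size_t)t; s->room += (size_t)t;
    return 0;
}

/* Feeds `count` bytes while ignoring flush errors; returns stores that would land past buf. */
size_t run_model(int (*flush)(struct toy_stream *), size_t count) {
    struct toy_stream s = { .pos = 0, .room = BUF_SIZE, .err = 0 };
    size_t past_end = 0;
    for (size_t i = 0; i < count; i++) {
        if (s.room == 0) (void)flush(&s);        /* return value ignored by the caller */
        if (s.room == 0) continue;               /* no room: byte dropped */
        if (s.pos < BUF_SIZE) s.buf[s.pos] = (unsigned char)i;
        else past_end++;                         /* counted, never actually stored */
        s.pos++; s.room--;
    }
    return past_end;
}

int main(void) {
    printf("flawed=%zu fixed=%zu\n", run_model(flush_flawed, 20), run_model(flush_fixed, 20));
    return 0;
}
```

In the model, a caller that stops writing once the error flag is set never reaches the out-of-bounds path, which matches the advisory's condition that the caller does not check the stream status.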


CVE Name: CVE-2014-8611
FreeBSD Advisory: SA-14:27.stdio