Note:
This project will be discontinued after December 13, 2021. [more]
2011-12-31
Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.
| Products | Plib |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://security.gentoo.org/glsa/201606-16
• http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html • http://osvdb.org/77973 • http://secunia.com/advisories/47297 • http://openwall.com/lists/oss-security/2011/12/21/2 |