CVE-2016-9442 - log back

CVE-2016-9442 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A potential heap buffer corruption vulnerability has been discovered due to Strgrow. Note that w3m's allocator (boehmgc) preserves more space than the required size due to bucketing so the heap shouldn't be corrupted in practice.
References
+ http://www.openwall.com/lists/oss-security/2016/11/18/3
+ https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29
Notes