FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

uwsgi -- a stack-based buffer overflow

Affected packages
uwsgi < 2.0.16

Details

VuXML ID a8f25565-109e-11e8-8d41-97657151f8c2
Discovery 2018-02-06
Entry 2018-02-13

uWSGI developers report:

It was discovered that the uwsgi_expand_path function in utils.c in Unbit uWSGI, an application container server, has a stack-based buffer overflow via a large directory length that can cause a denial-of-service (application crash) or stack corruption.

References

CVE Name CVE-2018-6758
URL http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
URL https://lists.debian.org/debian-lts-announce/2018/02/msg00010.html