Re: [PAPER]: Integer array overflows.

From: Steven M. Christey (coley_at_mitre.org)
Date: 09/16/03

  • Next message: Adam Gilmore: "OpenSSH Vulnerability"
    Date: Tue, 16 Sep 2003 16:55:16 -0400 (EDT)
    To: vuln-dev@securityfocus.com
    
    

    vade79,

    Thanks for writing this paper. It's papers like these that help to
    increase the awareness of emerging vulnerability classes and solidify
    terminology. Overflows by manipulating array indices have been
    reported in the past, but often under the increasingly-generic moniker
    "buffer overflow," which no longer adequately describes the nature of
    the underlying programming/design bug.

    It would be interesting if somebody tackled the difference between
    "integer overflows" and "signedness errors," as I've seen the terms
    being used interchangeably.

    Steve Christey
    CVE Editor

