Bugzilla – Bug 1194245
VUL-1: CVE-2021-45926: mdbtools: stack-based buffer overflow in mdb_numeric_to_string
Last modified: 2022-02-09 16:50:49 UTC
MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at
0x7ffd0c689be0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and
I will probably need your assistance to understand this CVE assignment.
(In reply to Alexander Bergmann from comment #0)
> MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at
> 0x7ffd0c689be0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and
So this is supposed to be fixed in 0.9.3?
It was released on May 01, 2021, however
this bug was created on Jul 9, 2021 and immediately reported as fixed the next day. I cannot find any commit that would fit these two days and
is certainly not fixing anything.
Assigning to the maintainer, it is in 12, 15:Backports and Factory.
Hi security team,
could you please consider helping us find any info which would lead us to identify the issue this CVE describes? There is no obvious related commit and reproduction has been unsuccessful so far. See also 1194246.