[Midnightbsd-cvs] [MidnightBSD/src] d6f3f2: libcasper: select(2) file descriptor set overflow ...
Lucas Holt
noreply at github.com
Fri May 22 10:38:59 EDT 2026
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: d6f3f2f9d8ad880dbcd97bd1c9071f28dabab540
https://github.com/MidnightBSD/src/commit/d6f3f2f9d8ad880dbcd97bd1c9071f28dabab540
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-05-22 (Fri, 22 May 2026)
Changed paths:
M lib/libcasper/libcasper/libcasper_impl.h
M lib/libcasper/libcasper/libcasper_service.c
M lib/libcasper/libcasper/service.c
M lib/libcasper/tests/Makefile
A lib/libcasper/tests/cap_main_test.c
Log Message:
-----------
libcasper: select(2) file descriptor set overflow causes stack overflow
Fixes CVE-2026-39461
An attacker able to cause an application using libcasper(3) to allocate large
file descriptors, e.g., by opening many descriptors and executing a program
which is not careful to close them upon startup, may trigger stack
corruption. If the target application runs with setuid root privileges, this
could be used to escalate local privileges.
Obtained from: FreeBSD
To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications
More information about the Midnightbsd-cvs
mailing list