[Bug 1931709] [NEW] mysql-5.7.34 segfault in net_field_length_size

2021-06-11 Thread Bugs SysSec
Public bug reported:

Steps to reproduce this bug (see files attached):

```
$ cat /etc/os-release | grep VERSION=
VERSION="18.04.5 LTS (Bionic Beaver)"
$ mysql --version
mysql Ver 14.14 Distrib 5.7.34, for Linux (x86_64) using EditLine wrapper
$ python server_output.py | nc -vvvlp 3306 &
$ mysql
```

[Bug 1830752] Re: Upstream security fixes in VirtualBox

2019-09-01 Thread Bugs SysSec
Hi, sorry we don't have more information than provided. Oracle just noted that it's fixed in later versions.

[Bug 1854223] [NEW] Integer overflow causes heap corruption

2019-11-27 Thread Bugs SysSec
Public bug reported:

integer overflow leading to heap corruption in dmg2img.c

```
//+1 overflows if XMLLength = 0x
// then plist is a valid pointer to an allocation of length 0 (it can be freed, but not written to)
220 plist = (char *)malloc(kol
```

[Bug 1854230] [NEW] integer underflow causes OOB write

2019-11-27 Thread Bugs SysSec
Public bug reported:

Heap Out Of Bound Write

Similar bug to: https://bugs.launchpad.net/ubuntu/+source/dmg2img/+bug/1835461

However, this time it's the second strstr that fails and as a consequence, it causes a more or less arbitrary OOB write.

232 char *_blkx_begin = strstr

[Bug 1854231] [NEW] Heap OOB read

2019-11-27 Thread Bugs SysSec
Public bug reported:

Heap Out Of Bound Read

A variant of https://bugs.launchpad.net/ubuntu/+source/dmg2img/+bug/1835463 at another position.

324 parts[i].Data = (char *)malloc(0x28 * mishblk.BlocksRunCount);
325 if (!parts[i].Data)
326