Server may crash parsing wrong or truncated BLR [CORE2576] #2986
Submitted by: @asfernandes
BLR is read on a buffer and passed for parse without inform a length. The BLR is parsed until a blr_eoc is found.
If the buffer doesn't end with blr_eoc, the parser will continue reading unallocated memory. If it reads some byte in a not committed page memory, a read access violation will occur and the server will crash.
The text was updated successfully, but these errors were encountered: