Page History

[CVE-2009-0587|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0587] results from a violation of this rule. Before version 2.24.5, Evolution Data Server performed unchecked arithmetic operations on a {{size_t}} representing the length of ana arbitrary user-input string and used the value to allocate space for a new buffer. Thus, an attacker could execute arbitrary code by inputting a long string, resulting in incorrect allocation and buffer overflow \[[xorl 2009|AA. C References#xorl 20090587]\].