List:       oss-security
Subject:    [oss-security] Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings
From:       cve-assign () mitre ! org
Date:       2014-02-19 23:50:05
Message-ID: 201402192350.s1JNo5vG029674 () linus ! mitre ! org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There are two CVEs because of the distinct types of issues.

> https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093

This is a logic error. It makes no sense to add begin and obj->len.
Use CVE-2014-2031.


> https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3

This is missing input validation. Use CVE-2014-2032.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----