[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings
From: cve-assign () mitre ! org
Date: 2014-02-19 23:50:05
Message-ID: 201402192350.s1JNo5vG029674 () linus ! mitre ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There are two CVEs because of the distinct types of issues.
> https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093
This is a logic error. It makes no sense to add begin and obj->len.
Use CVE-2014-2031.
> https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3
This is missing input validation. Use CVE-2014-2032.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
iQEcBAEBAgAGBQJTBULYAAoJEKllVAevmvmsPIEH/2mlAM6SDBhBwxNCHbaCcPw3
bowmbkIuYTEO8prVC6tmcXrrvgnHYZMv5yjdLRCQHHEGnhxWt5OVS7uR8TQV1JBT
k4AcjmaabxZ9HNTQyWKbzUWH+Q9kzlhD13isvi456yRjulIPXKBZ3AeYOUVZ3lto
IcvukQYqEBVpwLol9PaYyjzj013lFd0XKeduEX8Yx9OTz8WA6+2idrE7B7sP2Qts
45nFYGZyIlyb6YbW7+e4tYFwMI9NykmCnOoKacyXpPE4XKi1bk4tZ4XuUXVDX12R
K3EKLtOuQyfMlVAM928o9+DROAkfJxwzOC/mQQL2lZGJfzytzmwHkY/aHzp0cXY=
=kqvj
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic