[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE requests: OpenBSD httpd - 2 DoS
From: Pierre Kim <pierre.kim.sec () gmail ! com>
Date: 2017-01-31 19:00:29
Message-ID: CADxEXOgSQWqbWcQaK9cZjckN+QC-pOXSzdj+meNs5KUEm=jn+g () mail ! gmail ! com
[Download RAW message or body]
Hello,
Can you assign 2 CVE entries regarding OpenBSD httpd ?
- DoS: CPU exhaustion with SSL client-initiated renegotiation,
- DoS: Memory exhaustion by sending crafted HTTP requests with Bytes-range.
Errata for 6.0/5.9 is in progress, the memory exhaustion has been
patched today in -current
(see http://marc.info/?l=openbsd-cvs&m=148587359420912&w=2 ).
The advisory will be posted when
http://www.openbsd.org/errata{59,60}.html are updated.
Thank you,
Regards,
--
Pierre Kim
pierre.kim.sec@gmail.com
@PierreKimSec
https://pierrekim.github.io/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic