List:       oss-security
Subject:    [oss-security] CVE requests: OpenBSD httpd - 2 DoS
From:       Pierre Kim <pierre.kim.sec () gmail ! com>
Date:       2017-01-31 19:00:29
Message-ID: CADxEXOgSQWqbWcQaK9cZjckN+QC-pOXSzdj+meNs5KUEm=jn+g () mail ! gmail ! com

Hello,

Can you assign 2 CVE entries regarding OpenBSD httpd?

- DoS: CPU exhaustion with SSL client-initiated renegotiation,
- DoS: Memory exhaustion by sending crafted HTTP requests with Bytes-range.

Errata for 6.0/5.9 is in progress, the memory exhaustion has been
patched today in -current
(see http://marc.info/?l=openbsd-cvs&m=148587359420912&w=2 ).
The advisory will be posted when
http://www.openbsd.org/errata{59,60}.html are updated.

Thank you,

Regards,

-- 
Pierre Kim
pierre.kim.sec@gmail.com
@PierreKimSec
https://pierrekim.github.io/