Date: Sat, 28 Mar 2015 01:44:52 -0400 (EDT) From: cve-assign@...re.org To: pierre@...ctos.org Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE request: denial of service in Quassel -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> The second is >> the core crash caused by sending an overlength CTCP query ("/me") >> containing only multibyte characters. This bug was caused by the >> old CTCP splitter using the byte index from lastParamOverrun() as >> a character index for a QString. > This seems to be, very roughly, an issue of incorrectly determining a > data-structure length by using a wrong-sized data type for counting. > It happens to be about multibyte characters but that's of secondary > importance. This will almost certainly have a unique CVE ID ... Use CVE-2015-2778. >> Unlike what it replaces, the new splitting code is not recursive >> and cannot cause stack overflows. >>> But, be it a crash or a hang, it would cause a denial of >>> service for any client connected to core. Use CVE-2015-2779. > The first is garbage characters caused > by accidentally splitting the string in the middle of a multibyte > character. As suggested earlier, this has no CVE ID. > if it is unable > to split a string, it will give up gracefully and not crash the > core or cause a thread to run away. As suggested earlier, this has no CVE ID. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVFj9MAAoJEKllVAevmvmshfkH/0fpuId3QRMrFZW+S6Of4+Lc jRGjVNJDUVnSkkIvAPFtSpRZv0Xwx/Tff255Nx4OByaNGpVv6ocrdggHKXhxQq4G AMD2qNpBuIx7esTqTA40w6B70GPQOZF35+nOzNP0tsK7SFI+cPmyfDY/sB2JCzP2 fAmyCzX2JD1G9I7/5OyrhCYlV0RySzuMjdSC/LD0ikdEwkNP9V/IKm5HeufYvvyh BAQKItg1kRsKIVFMajTU2oXEqrPVTXsj/dNI6u6fpwOwidxv5jdBw0ggWFeAyb5W UYlRDPVBjMiMox5tLqC+2yC3vkykkBVlNgE1BBGQOmkBpgEQnzz8iQfJPSybw9w= =czV4 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ