Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 Jan 2016 12:10:37 +0100
From: Nico Golde <>
Subject: CVE id request: dhcpcd

dhcpcd recently fixed two security issues. Can you assign CVE ids to these?
can lead to a heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. exploitation is non-trivial, but i'd love to be proven wrong.
can lead to an invalid read/crash via malformed dhcp responses. not exploitable beyond DoS as far as I can judge.

Kind regards,

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ