Date: Thu, 7 Jan 2016 12:10:37 +0100 From: Nico Golde <oss-security+ml@...lde.de> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE id request: dhcpcd dhcpcd recently fixed two security issues. Can you assign CVE ids to these? http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9 can lead to a heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. exploitation is non-trivial, but i'd love to be proven wrong. http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d can lead to an invalid read/crash via malformed dhcp responses. not exploitable beyond DoS as far as I can judge. Kind regards, Nico
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ