Date: Mon, 24 Apr 2017 20:17:56 +0200
From: Solar Designer <solar@...nwall.com>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: oss-security <oss-security@...ts.openwall.com>
Subject: Re: CVE request: remote heap overflow in linux networking stack

Hi Jason,

On Mon, Apr 24, 2017 at 08:00:10PM +0200, Jason A. Donenfeld wrote:
> Requesting a CVE for [1], a heap overflow I found in Linux.

> [1] https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee

Thank you for bringing this in here.

I've attached the above URL's content in text/plain form, as required by
oss-security content guidelines (actual content must be on the list, not
only included by reference).

The bug is in drivers/net/macsec.c implementing IEEE 802.1AE (MACsec).
I hope it is rarely used and thus rarely exposed, and Linux kernel
support for it is rather new, right?

oss-security is no longer a place to request CVE IDs.  You may request a
CVE ID directly from MITRE:

https://cveform.mitre.org

Once you have the CVE ID, please post it to this same thread in here.

(For non-public issues, it is also still possible to request CVE IDs
along with notification to the (linux-)distros lists, as long as the
primary purpose of giving advance notice to the distros is providing
them with actionable information.  A few of the distros are CNAs, so
they'd assign CVE IDs from their pools.)

Alexander

View attachment "linux-drivers-net-macsec.txt" of type "text/plain" (3175 bytes)
