Date: Thu, 13 Sep 2012 16:10:21 -0600 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: DoS in OpenSLP Quoting Secunia's report: Georgi Geshev has discovered a vulnerability in OpenSLP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an out-of-bounds read error within the "SLPIntersectStringList()" function (common/slp_compare.c) when processing service requests and can be exploited to cause a crash via a specially crafted request. The vulnerability is confirmed in version 1.2.1. Other versions may also be affected. References: https://secunia.com/advisories/50130/ https://bugs.gentoo.org/show_bug.cgi?id=434918 https://bugzilla.redhat.com/show_bug.cgi?id=857242 Could a CVE be assigned to this? There is no upstream bug report or patch that I can see. -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.