Date: Sun, 4 May 2014 23:37:45 -0400 (EDT)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: akpop3d review

http://openwall.com/lists/oss-security/2014/05/02/2 does not state or
imply that it is a CVE request. We want to assign one CVE ID now
anyway.

> pszQuery might have been never initialized (it is not explicitly
> initialized in the code above), so we get a free() call on some stack
> contents in place of the pointer.

Use CVE-2014-3208 for this "free( pszQuery )" issue.

(This does not mean that MITRE has exploitability analysis. The
combination of the http://openwall.com/lists/oss-security/2014/05/02/2
comments and the http://openwall.com/lists/oss-security/2014/05/02/4
comments leads us to suspect that some akpop3d users will want to
track this free issue as a vulnerability, even if they choose not to
track any of the other issues raised in the review.)

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
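The pattern described in the quoted text, shown as an added example that is not part of the original message and is not akpop3d source: a shared cleanup label calls free() on a pointer that early exits never assigned. The function `handle_request`, its parameters and its parsing logic are hypothetical; only the variable name pszQuery comes from the message.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical request handler, constructed for illustration only.
 * Copies the argument after the first space in `line` into `out`.
 * Returns the argument length, or -1 on any error. */
int handle_request(const char *line, char *out, size_t outlen)
{
    /* Unhardened form would be `char *pszQuery;` with no initializer.
     * The pointer then holds leftover stack contents, and every early
     * `goto done` below hands that value to free().
     * Hardened form: initialize to NULL, because free(NULL) is a
     * defined no-op. */
    char *pszQuery = NULL;
    const char *sp;
    size_t n;
    int rc = -1;

    if (line == NULL || out == NULL || outlen == 0)
        goto done;                 /* exit before any allocation */

    sp = strchr(line, ' ');
    if (sp == NULL || sp[1] == '\0')
        goto done;                 /* no argument: still nothing allocated */

    n = strlen(sp + 1);
    pszQuery = malloc(n + 1);
    if (pszQuery == NULL)
        goto done;                 /* allocation failed: pointer is NULL */
    memcpy(pszQuery, sp + 1, n + 1);

    if (n >= outlen)
        goto done;                 /* too long: allocated, released below */
    memcpy(out, pszQuery, n + 1);
    rc = (int)n;

done:
    free(pszQuery);                /* safe on every path once initialized */
    return rc;
}
```

GCC's -Wmaybe-uninitialized and Clang's -Wsometimes-uninitialized can flag the unhardened declaration at build time.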