Date: Mon, 22 Sep 2014 21:55:28 +0200
From: Pierre Schweitzer <pierre@...ctos.org>
To: oss-security@...ts.openwall.com
Subject: Re: Full disclosure: denial of service in srvx


On 30/08/2014 03:27, cve-assign@...re.org wrote:
> > Putting an extremely high value to these parameters, such as
> > 184467440723049 will lead to an integer overflow. When attempting to
> > queue the function execution, srvx will add it in the past, will attempt
> > to execute it immediately and thus will loop forever on this, and will
> > finally crash due to memory exhaustion.
>
> Use CVE-2014-5508 for the integer overflow.

Thanks. This has been used for the pull request upstream, which has
finally been merged to their trunk.
So, it's fixed in development trunk.

See:
https://github.com/GameSurge/srvx/commit/1c24a6f22c2782fb072239246f868515dbca7459

- -- 
Pierre Schweitzer <pierre at reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
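
The failure mode described in the quoted report, as an added example that is not part of this message and is not srvx's code: a duration added to the current time wraps, the timer lands in the past, and a self-rescheduling entry is always due. The 32-bit timestamp width, the function names and the sample "now" value are assumptions made for illustration; the large duration is the one quoted above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model, not srvx code: timestamps are unsigned 32-bit seconds. */
typedef uint32_t ts_t;

/* Unchecked: the sum is truncated to the timestamp width and can wrap. */
static ts_t expiry_unchecked(ts_t now, uint64_t duration)
{
    return (ts_t)(now + duration);
}

/* Checked: reject a duration that cannot be represented after "now". */
static bool expiry_checked(ts_t now, uint64_t duration, ts_t *out)
{
    if (duration > (uint64_t)(UINT32_MAX - now))
        return false;
    *out = now + (ts_t)duration;
    return true;
}

/* Self-rescheduling timer: how often it fires in one event-loop pass at
 * time "now" when re-queued with the unchecked sum; stops after "cap". */
static unsigned fires_in_one_pass(ts_t now, ts_t when, uint64_t interval,
                                  unsigned cap)
{
    unsigned fired = 0;
    while (when <= now && fired < cap) {  /* entry is already due */
        fired++;
        when = expiry_unchecked(now, interval);
    }
    return fired;
}

int main(void)
{
    const ts_t now = 1411415728u;              /* constructed sample time */
    const uint64_t big = 184467440723049ULL;   /* value quoted in the report */
    ts_t when = expiry_unchecked(now, big), ok = 0;

    printf("unchecked expiry %u is before now %u\n", (unsigned)when, (unsigned)now);
    printf("fires in one pass: %u (cap 1000)\n",
           fires_in_one_pass(now, when, big, 1000));
    printf("checked accepts huge value: %d\n", expiry_checked(now, big, &ok));
    printf("checked accepts 3600: %d\n", expiry_checked(now, 3600, &ok));
    return 0;
}
```

Without the cap the loop in `fires_in_one_pass` never ends, which matches the hang the report describes; validating the duration where it is parsed rejects the value before anything is queued.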
