Date: Tue, 10 Feb 2015 15:28:16 +0100
From: Hector Marco <>
Subject: Re: Re: CVE-Request -- Google Email App 4.2.2 remote
 denial of service

On 09/02/15 at 22:40, wrote:
>> A bug in the stock Google email application
> Is the source code and fix in the same as in:
> ? If so, then it is an open-source vulnerability, and can have one
> CVE-2013-#### ID assigned here, even if the relevant HTTPParsers.cpp code
> is also bundled in one or more closed-source products.
> If it is independent source code that happens to have the same
> attack vector (the attack vector in
> appears to be identical to the attack vector in the
> test), then revision 152293 could probably have a separate new
> CVE-2013-#### ID.

It is a different source code and fix. The source code is available in:

Note that the HTTPParsers.cpp is the file which parses the headers but 
in the Email App this is done by the

It seems that the Chromium bug is very similar to the Email one, but I 
think the attack vector is different since in the first case, it can be 
exploited by sending an email and in the second case by visiting a website.

Hector Marco.
