oss-security - Re: CVE-2015-5155 - openslp 1.2.1 ParseExtension() DoS vulnerability

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Sat, 19 Sep 2015 12:18:06 +0200
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2015-5155 - openslp 1.2.1 ParseExtension()
 DoS vulnerability

On Wed, 16 Sep 2015 17:40:11 +0800
Qinghao Tang <luodalongde@...il.com> wrote:

> HI there,
> 
> 
> 
> Greeting! This is Qinghao Tang from QIHU 360  company, China. I am a
> security researcher there.I'm writing to report a vulnerability in
> openslp.
> 
> 
> 
> The function ParseExtension() in openslp 1.2.1 exists a
> vulnerability , an attacher can cause a denial of service (infinite
> loop) via a  packet with crafted "nextoffset" value and "extid" value.

Hi,

I have a hunch that this may be CVE-2010-3609? Can you have a look and
tell me why and how this is different from CVE-2010-3609?

Thanks in advance and kind regards,
-- 
Stefan Cornelius / Red Hat Product Security

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.