Date: Sat, 19 Sep 2015 12:18:06 +0200
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2015-5155 - openslp 1.2.1 ParseExtension() DoS vulnerability

On Wed, 16 Sep 2015 17:40:11 +0800
Qinghao Tang <luodalongde@...il.com> wrote:

> Hi there,
>
> Greeting! This is Qinghao Tang from QIHU 360 company, China. I am a
> security researcher there. I'm writing to report a vulnerability in
> openslp.
>
> The function ParseExtension() in openslp 1.2.1 exists a
> vulnerability, an attacker can cause a denial of service (infinite
> loop) via a packet with crafted "nextoffset" value and "extid" value.

Hi,

I have a hunch that this may be CVE-2010-3609? Can you have a look and
tell me why and how this is different from CVE-2010-3609?

Thanks in advance and kind regards,
-- 
Stefan Cornelius / Red Hat Product Security
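
Added example, not part of the original message and not OpenSLP code: a bounds-checked walk over an SLPv2 extension chain (RFC 2608 layout: 2-byte extension ID, 3-byte next-extension offset, 0 ends the chain) that cannot loop forever, whatever the offset or ID fields contain. The function name, the rule that offsets must move forward, and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_HDR_LEN 5  /* 2-byte extension ID + 3-byte next-extension offset */

/* Constructed sample chains (not captured traffic); the first extension
 * sits at offset 6 and the extension IDs are arbitrary. */
static const uint8_t chain_ok[]   = { 0,0,0,0,0,0, 0x40,0x01, 0,0,12, 0xAA,
                                      0x40,0x02, 0,0,0 };
static const uint8_t chain_self[] = { 0,0,0,0,0,0, 0x40,0x01, 0,0,6 };
static const uint8_t chain_oob[]  = { 0,0,0,0,0,0, 0x40,0x01, 0,0,200 };

/* Hypothetical helper: walk the extension chain that starts at offset
 * `first` in `buf` (offsets count from the start of the message).
 * Returns the number of extensions visited, or -1 if the chain is malformed. */
int walk_extensions(const uint8_t *buf, size_t len, size_t first)
{
    size_t off = first;
    int count = 0;

    while (off != 0) {
        /* The whole 5-byte extension header must lie inside the message. */
        if (off > len || len - off < EXT_HDR_LEN)
            return -1;

        size_t next = ((size_t)buf[off + 2] << 16) |
                      ((size_t)buf[off + 3] << 8)  |
                       (size_t)buf[off + 4];
        count++;

        /* Advance the same way for known and unknown extension IDs, and
         * require the next header to start after this one. Offsets then
         * strictly increase, so the loop ends within len iterations. */
        if (next != 0 && next < off + EXT_HDR_LEN)
            return -1;
        off = next;
    }
    return count;
}

int main(void)
{
    printf("ok=%d self=%d oob=%d\n",
           walk_extensions(chain_ok, sizeof chain_ok, 6),
           walk_extensions(chain_self, sizeof chain_self, 6),
           walk_extensions(chain_oob, sizeof chain_oob, 6));
    return 0;
}
```
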