Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 Jan 2016 12:10:37 +0100
From: Nico Golde <>
Subject: CVE id request: dhcpcd

dhcpcd recently fixed two security issues. Can you assign CVE ids to these?
can lead to a heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. exploitation is non-trivial, but i'd love to be proven wrong.
can lead to an invalid read/crash via malformed dhcp responses. not exploitable beyond DoS as far as I can judge.

Kind regards,

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.