Date: Thu, 1 Apr 2021 01:20:24 +0200 (CEST) From: Jan Engelhardt <jengelh@...i.de> To: oss-security@...ts.openwall.com Subject: Re: kopano-core 11.0.1: Remote DoS by memory exhaustion On Friday 2021-03-19 13:44, Jan Engelhardt wrote: >Initial publication, no CVE number yet (will request). >[…] >The "kopano-ical" program implements a network service/trivial HTTP server. >It imposes no length restrictions on HTTP headers, which can be exploited >to memory-exhaust the process and have it terminate. This was assigned CVE-2021-28994.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.