Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 13 Jul 2023 12:26:38 -0400
From: Jan Schaumann <>
Subject: Re: RCE in < 3.0.6

Just closing the loop here: this has now been assigned

Jan Schaumann <> wrote:
> Hi,
> I don't think this has been raised here:
> The ACME client[1] prior to version 3.0.6[2] has
> an RCE vulnerability allowing a hostile server to
> execute arbitrary commands on the client[3].
> I was unable to determine whether a CVE has been
> requested for this issue; both the original discussion
> and a second GitHub issue[4] have been inconclusively
> closed for comments (I've reached out to the author).
> The issue is also being discussed on Mozilla's
> dev-security-policy[5].
> -Jan
> [1]
> [2]
> [3]
> [4]
> [5]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.