Message-ID:
 <ME0P300MB0713341818938D79AA60A145EECAA@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM>
Date: Fri, 14 Nov 2025 02:58:42 +0000
From: Peter Gutmann <pgut001@...auckland.ac.nz>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, Russ
 Allbery <eagle@...ie.org>, "jcb62281@...il.com" <jcb62281@...il.com>
Subject: Re: Questionable CVE's reported against dnsmasq

Jacob Bachmeyer <jcb62281@...il.com> writes:

>Ah yes, the universal arbitrary code execution exploit:  simply replace the
>program text with malicious code.  :-)
>
>Can we call it CVE-Zero?  :-P

The best one I've run into is enabling an undocumented internal build option
that turns on extra code for coverage/fuzz testing, then reporting it as a
vuln while ignoring the fact that the debug code also implements SSLKEYLOGFILE
which dumps the plaintext TLS master secret to the diagnostic output.

Aside from the OpenSSH pseudovulnerability that started all this, anyone else
have any interesting stories?

Peter.
