oss-sec mailing list archives
Re: CVE id request: dns2tcp
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 4 Sep 2008 12:49:16 -0400 (EDT)
====================================================== Name: CVE-2008-3910 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3910 Reference: MLIST:[oss-security] 20080904 CVE id request: dns2tcp Reference: URL:http://www.openwall.com/lists/oss-security/2008/09/03/5 Reference: CONFIRM:http://www.hsc.fr/ressources/outils/dns2tcp/index.html.en dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact.
Current thread:
- CVE id request: dns2tcp Nico Golde (Sep 03)
- Re: CVE id request: dns2tcp Steven M. Christey (Sep 04)