oss-sec mailing list archives
Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings
From: cve-assign () mitre org
Date: Wed, 19 Feb 2014 18:50:05 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There are two CVEs because of the distinct types of issues.
https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093
This is a logic error. It makes no sense to add begin and obj->len. Use CVE-2014-2031.
https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3
This is missing input validation. Use CVE-2014-2032. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTBULYAAoJEKllVAevmvmsPIEH/2mlAM6SDBhBwxNCHbaCcPw3 bowmbkIuYTEO8prVC6tmcXrrvgnHYZMv5yjdLRCQHHEGnhxWt5OVS7uR8TQV1JBT k4AcjmaabxZ9HNTQyWKbzUWH+Q9kzlhD13isvi456yRjulIPXKBZ3AeYOUVZ3lto IcvukQYqEBVpwLol9PaYyjzj013lFd0XKeduEX8Yx9OTz8WA6+2idrE7B7sP2Qts 45nFYGZyIlyb6YbW7+e4tYFwMI9NykmCnOoKacyXpPE4XKi1bk4tZ4XuUXVDX12R K3EKLtOuQyfMlVAM928o9+DROAkfJxwzOC/mQQL2lZGJfzytzmwHkY/aHzp0cXY= =kqvj -----END PGP SIGNATURE-----
Current thread:
- CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings Martin Prpic (Feb 18)
- Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings cve-assign (Feb 19)