oss-sec mailing list archives
Re: CVE Request: nbd denial of service
From: cve-assign () mitre org
Date: Thu, 21 May 2015 10:47:40 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
http://sourceforge.net/p/nbd/mailman/message/30410146/ https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4
As far as we can tell, the CVE request is primarily about the vulnerability that affects versions 2.9.22 through 3.3. Use CVE-2013-7441.
Versions released between 2.9.16 and 2.9.22 ... are vulnerable in the sense that the bad design is still there, but I don't believe they would crash in that manner.
If someone is interested in a CVE ID for those older versions (released in 2010 and 2011), and the behavior is different (e.g., if the unexpected client behavior doesn't immediately lead to a crash and instead can cause memory corruption), please let us know. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVXe+IAAoJEKllVAevmvmsuzwIAL5k8kTryqGjXT/7W5VY6O/N Ybjzpqb9JrKk5t6SyedrtilpEwx6Wj87Pk36Wfw336fPDnzHFh8SvipW3oT/Dzil I9llHybnTum0zGz2POnqzm1bL2Qr0QB0ly6gL56MCeErsfhngQahv6PGFuZC3wNH p9MaHFwVVZAGDwzrbA2JAyw6C7T4xm6TyfY9/2tF3jhXvbTM+5yO9znK5p9BChco ski7lbZW9tw3HK0CChrT0xQv6m6JTPR6s+faOiREE8+CkdqDpr/GTTIY5KGx6eFr RiyinKasLHxIfsMZYQJIBotOLAFo9XdxO7cQIGNfL4npc8NBPcU8uhJUsH4scTQ= =T6E3 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: nbd denial of service Alessandro Ghedini (May 19)
- Re: CVE Request: nbd denial of service cve-assign (May 21)