oss-sec mailing list archives
CVE id request: dhcpcd
From: Nico Golde <oss-security+ml () ngolde de>
Date: Thu, 7 Jan 2016 12:10:37 +0100
dhcpcd recently fixed two security issues. Can you assign CVE ids to these? http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9 can lead to a heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. exploitation is non-trivial, but i'd love to be proven wrong. http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d can lead to an invalid read/crash via malformed dhcp responses. not exploitable beyond DoS as far as I can judge. Kind regards, Nico
Current thread:
- CVE id request: dhcpcd Nico Golde (Jan 07)
- Re: CVE id request: dhcpcd cve-assign (Jan 07)