oss-sec mailing list archives
Cve issue discussion
From: ne xo <nexo123 () outlook kr>
Date: Mon, 7 Aug 2017 01:03:53 +0000
Hello,

I am curious about issuing CVEs.

I can see that a "NULL pointer dereference" or a bug where the exploit has not been verified also gets a CVE. Heap-overflows may or may not be exploitable. It takes a lot of time to analyze the exploit and create the exploit code.

Is it right to be assigned a CVE only if it is exploitable? Or do you think all bugs need to get a CVE?

Thanks.

--- ref ---
[1] http://www.openwall.com/lists/oss-security/2017/04/10/17 - NULL pointer dereference
[2] http://www.openwall.com/lists/oss-security/2017/04/10/15 - memory allocation failure