oss-sec mailing list archives
CVE request: DoS in OpenSLP
From: Vincent Danen <vdanen () redhat com>
Date: Thu, 13 Sep 2012 16:10:21 -0600
Quoting Secunia's report:

Georgi Geshev has discovered a vulnerability in OpenSLP, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an out-of-bounds read error within the "SLPIntersectStringList()" function (common/slp_compare.c) when processing service requests and can be exploited to cause a crash via a specially crafted request.

The vulnerability is confirmed in version 1.2.1. Other versions may also be affected.

References:
https://secunia.com/advisories/50130/
https://bugs.gentoo.org/show_bug.cgi?id=434918
https://bugzilla.redhat.com/show_bug.cgi?id=857242

Could a CVE be assigned to this? There is no upstream bug report or patch that I can see.

--
Vincent Danen / Red Hat Security Response Team