CVE request: DoS in OpenSLP

[Vincent Danen <vdanen () redhat com>]

Quoting Secunia's report:

Georgi Geshev has discovered a vulnerability in OpenSLP, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an out-of-bounds read error within
the "SLPIntersectStringList()" function (common/slp_compare.c) when
processing service requests and can be exploited to cause a crash via a
specially crafted request.

The vulnerability is confirmed in version 1.2.1. Other versions may also
be affected.

References:

https://secunia.com/advisories/50130/
https://bugs.gentoo.org/show_bug.cgi?id=434918
https://bugzilla.redhat.com/show_bug.cgi?id=857242

Could a CVE be assigned to this?  There is no upstream bug report or
patch that I can see.

--
Vincent Danen / Red Hat Security Response Team