oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request: bip denial of service via resource leak

From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Fri, 08 Nov 2013 12:02:37 -0500
Hello,

bip 0.8.8 and earlier contains an issue where failed SSL handshakes result in a
resource leak. A remote attacker can use this flaw to cause bip to run out of
resources, resulting in a denial of service.

Upstream bug:
https://projects.duckcorp.org/issues/261

Fixed by the following commit in 0.8.9:
https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c

Downstream bug:
https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888

Could a CVE please be assigned to this issue?

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/
Previous By Date Next
Previous By Thread Next

Current thread: