oss-sec mailing list archives
CVE Request: bip denial of service via resource leak
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Fri, 08 Nov 2013 12:02:37 -0500
Hello, bip 0.8.8 and earlier contains an issue where failed SSL handshakes result in a resource leak. A remote attacker can use this flaw to cause bip to run out of resources, resulting in a denial of service. Upstream bug: https://projects.duckcorp.org/issues/261 Fixed by the following commit in 0.8.9: https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c Downstream bug: https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888 Could a CVE please be assigned to this issue? Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Current thread:
- CVE Request: bip denial of service via resource leak Marc Deslauriers (Nov 08)
- Re: CVE Request: bip denial of service via resource leak Kurt Seifried (Nov 08)