oss-sec mailing list archives

Re: CVE Request: bip denial of service via resource leak


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 08 Nov 2013 12:26:02 -0700


On 11/08/2013 10:02 AM, Marc Deslauriers wrote:
> Hello,
>
> bip 0.8.8 and earlier contains an issue where failed SSL handshakes
> result in a resource leak. A remote attacker can use this flaw to
> cause bip to run out of resources, resulting in a denial of
> service.
>
> Upstream bug: https://projects.duckcorp.org/issues/261
>
> Fixed by the following commit in 0.8.9:
> https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c
>
> Downstream bug:
> https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888
>
> Could a CVE please be assigned to this issue?
>
> Thanks,
>
> Marc.


Please use CVE-2013-4550 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

