oss-sec mailing list archives

Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings


From: cve-assign () mitre org
Date: Wed, 19 Feb 2014 18:50:05 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There are two CVEs because of the distinct types of issues.

https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093

This is a logic error. It makes no sense to add begin and obj->len.
Use CVE-2014-2031.


https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3

This is missing input validation. Use CVE-2014-2032.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]