oss-sec mailing list archives
Confusion on CVE-2014-0235
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 30 Jun 2014 07:43:51 +0200
Hi I noticed that CVE-2014-0235 apparently was used twice: CVE-2014-0235 file: extensive backtracking in awk rule regular expression (incomplete fix for CVE-2013-7345): * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0235 But then also for Microsoft Internet Explorer 9: "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755.". * https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0235 Would be appreciated if you can clarify which is correct and how to reference the file issue. Regards, Salvatore
Current thread:
- Confusion on CVE-2014-0235 Salvatore Bonaccorso (Jun 29)
- Re: Confusion on CVE-2014-0235 cve-assign (Jun 29)
- changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235) cve-assign (Jun 30)