oss-sec mailing list archives

Confusion on CVE-2014-0235


From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 30 Jun 2014 07:43:51 +0200

Hi

I noticed that CVE-2014-0235 apparently was used twice:

CVE-2014-0235 file: extensive backtracking in awk rule regular
expression (incomplete fix for CVE-2013-7345):

 * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0235

But then also for Microsoft Internet Explorer 9: "Microsoft Internet
Explorer 9 allows remote attackers to execute arbitrary code or cause
a denial of service (memory corruption) via a crafted web site, aka
"Internet Explorer Memory Corruption Vulnerability," a different
vulnerability than CVE-2014-1751 and CVE-2014-1755.".

 * https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0235

Would be appreciated if you can clarify which is correct and how to
reference the file issue.

Regards,
Salvatore

