oss-sec mailing list archives
CVE assignment for c-icap Server
From: Kristian Fiskerstrand <kristian.fiskerstrand () sumptuouscapital com>
Date: Mon, 01 Sep 2014 23:30:58 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, [0] lists a vulnerability for c-icap Server as: "contains a flaw in the parse_request() function of request.c that may allow a remote denial of service. The issue is triggered when the buffer fails to contain a ' ' or '?' symbol, which will cause the end pointer to increase and surpass allocated memory. With a specially crafted request (e.g. via the OPTIONS method), a remote attacker can cause a loss of availability for the program." as described in [1]. From what I can see this was fixed in [2]. Has a CVE been assigned to this issue already? if not I request that one is assigned. References: [0] http://www.osvdb.org/show/osvdb/89304 [1] http://osvdb.org/ref/89/c-icap.txt [2] http://sourceforge.net/p/c-icap/code/1018/ - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Veni vidi visa I came, I saw, I bought -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUBOWQAAoJEPw7F94F4TagjwUQAKFjqW2KCIrw9gI7aZrwBn9Z z+jCml/7AjUeqsVeLVkDi1FX+SN53bxgL8g7T+PmqKUS4esZ875RVXnz4Jviivhm WD7p1cDOojVHB/MVO5CRvbkNwSn92rLixcvtE6+O6d/OZcjz5bUwXxQvgznKPCRr oZoLl54izPuwuHbkj4bvzU2b0FLZA4Vsj75LxDyJDWaI2f+hD09iMO+T/25qQ7vK B8NYToE2W/X9VVeWL5kx8HrRX2cgYy8jI5yGxphIscsoaBx0wD3JcV4FG9YUy+zm Jk3RPY00PEyGt1SNf8LVLEE5uQoT/SbOhVc5Ofhru9JdZQDj2jqzZXmPjWYldfeR yabp6qphxZvIo3j07avAzdZlatQ/9TwBH7MbALf23k1P0rOlBe1Es+UsjrMSSLs1 fuJdv1s/ctC4hlF7RwBCBL8gnQz3eSYwAukYXs9ehF+JtSQGXu/rJMid97774kRs 8zB8pLbzmdLgJVnCrC+Mdd8HEXv2TviLyNMWVPAOyX2jesRUByWFv65MsxXlgmL6 v2xFEg8prXxgmwM67MiyS3Gxn+LkR2KkBpOQMySlxyyEuCLzjTUa3rOEjzYBiHgJ gkeM8qevyZxFqRT8ycw8Xy/cdtYtgqI2WyxapsKCwzl5mP++PKp4tntx4aY3TrXc lfbxFKuRgQ1ZFgzBFaT2 =UoU4 -----END PGP SIGNATURE-----
Current thread:
- CVE assignment for c-icap Server Kristian Fiskerstrand (Sep 01)
- Re: CVE assignment for c-icap Server Kristian Fiskerstrand (Sep 14)
- Re: CVE assignment for c-icap Server cve-assign (Sep 15)