oss-sec mailing list archives

Re: CVE-2015-5155 - openslp 1.2.1 ParseExtension() DoS vulnerability


From: Stefan Cornelius <scorneli () redhat com>
Date: Sat, 19 Sep 2015 12:18:06 +0200

On Wed, 16 Sep 2015 17:40:11 +0800
Qinghao Tang <luodalongde () gmail com> wrote:

> Hi there,
>
> Greetings! This is Qinghao Tang from QIHU 360 company, China. I am a
> security researcher there. I'm writing to report a vulnerability in
> openslp.
>
> The function ParseExtension() in openslp 1.2.1 has a
> vulnerability: an attacker can cause a denial of service (infinite
> loop) via a packet with crafted "nextoffset" value and "extid" value.

Hi,

I have a hunch that this may be CVE-2010-3609? Can you have a look and
tell me why and how this is different from CVE-2010-3609?

Thanks in advance and kind regards,
-- 
Stefan Cornelius / Red Hat Product Security
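
The report above describes an extension-chain walk that never terminates when the "nextoffset" field is crafted. The following is an added example, not code from this thread or from OpenSLP: a chain walker that is guaranteed to terminate. It assumes the SLPv2 extension layout from RFC 2608 (2-byte extension ID, 3-byte next-extension offset counted from the start of the message, 0 ending the chain); the function name `walk_extensions` and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_HDR_LEN 5 /* 2-byte extension ID + 3-byte next-extension offset */

/* Constructed sample: 4 filler bytes, extensions at offsets 4 and 9, 2 trailing bytes. */
static const uint8_t good_msg[16] = {
    0, 0, 0, 0,
    0x00, 0x02, 0x00, 0x00, 0x09, /* id 2, next = 9 */
    0x00, 0x03, 0x00, 0x00, 0x00, /* id 3, next = 0 (end of chain) */
    0, 0
};
/* Constructed sample: one extension at offset 4 whose next offset points at itself. */
static const uint8_t loop_msg[9] = {
    0, 0, 0, 0,
    0x00, 0x02, 0x00, 0x00, 0x04
};

/* Walk the chain starting at first_off. Returns the number of extensions
 * visited, or -1 if the chain is malformed. */
int walk_extensions(const uint8_t *msg, size_t len, size_t first_off)
{
    size_t off = first_off;
    int count = 0;

    while (off != 0) {
        /* The whole extension header must lie inside the message. */
        if (off > len || len - off < EXT_HDR_LEN)
            return -1;
        uint16_t ext_id = (uint16_t)((msg[off] << 8) | msg[off + 1]);
        size_t next = ((size_t)msg[off + 2] << 16) |
                      ((size_t)msg[off + 3] << 8) | (size_t)msg[off + 4];
        (void)ext_id; /* a full parser would dispatch on the ID here */
        /* Forward-only rule: the next header must start after this one.
         * Offsets then strictly increase and are bounded by len, so the
         * loop ends whatever the ID and offset fields contain. */
        if (next != 0 && next < off + EXT_HDR_LEN)
            return -1;
        count++;
        off = next;
    }
    return count;
}

int main(void)
{
    printf("good: %d\n", walk_extensions(good_msg, sizeof good_msg, 4));
    printf("loop: %d\n", walk_extensions(loop_msg, sizeof loop_msg, 4));
    return 0;
}
```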

