oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request: two issues in bee2 crypto library

From: Lucid Lynx <luc.lynx () yandex ru>
Date: Mon, 14 Dec 2015 13:44:43 +0300
Hello!
I found two issues in the 2015.10.29 version of bee2 crypto library that can be found at https://github.com/agievich/bee2. The library implements cryptographic algorithms standardized in Belarus and it is maintained by Belarussian State University. The first iisue is possible leakage of sensitive data, the report can be found at https://github.com/agievich/bee2/issues/5
Another one is memory leak that can lead to DoS, the report can be found at https://github.com/agievich/bee2/issues/6 The both vulnerabilities were reported to maintainers and were fixed several days ago. Please assign CVE IDs for these bugs if you think they are worth it in this case (right now the library is'n very popular though it can be used in some proprietary software). 
--
LL
Previous By Date Next
Previous By Thread Next

Current thread: