oss-sec mailing list archives
CVE-2016-3091 Diego log encoding vulnerability
From: Molly Crowther <mcrowther () pivotal io>
Date: Tue, 17 May 2016 11:07:16 -0700
Title: CVE-2016-3091 Diego log encoding vulnerability

Severity: High

Vendor: Cloud Foundry Foundation

Versions Affected: Diego-release versions 0.1468.0 through 0.1470.0

Description: Due to how Diego handles breaking up large log streams on UTF-8 boundaries, it is possible to cause a denial of service on a Cloud Foundry installation with an app outputting malformed UTF-8 sequences.

Affected Cloud Foundry Products and Versions: Diego-release versions 0.1468.0 through 0.1470.0

Mitigation: The Cloud Foundry project recommends that Cloud Foundry Deployments running Diego versions 0.1468.0 through 0.1470.0 upgrade to Diego version 0.1471.0.

Credit: This issue was identified by a Pivotal team and reported responsibly to the Cloud Foundry Foundation.
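
Added example, not part of the advisory and not Diego's code: a Go chunker that splits a log buffer on UTF-8 boundaries and still consumes input when the stream is malformed. The name splitLog, the chunk size and the sample inputs are assumptions constructed for illustration; the advisory does not describe Diego's actual splitting logic.

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// splitLog cuts buf into chunks of at most max bytes, cutting on a UTF-8 rune
// boundary when one lies within the last utf8.UTFMax bytes of the window.
// Every pass consumes at least one byte, so malformed input cannot stall it.
func splitLog(buf []byte, max int) [][]byte {
	if max < utf8.UTFMax {
		max = utf8.UTFMax // a chunk must be able to hold any single rune
	}
	var chunks [][]byte
	for len(buf) > max {
		cut := max // fallback: hard cut when no boundary is found nearby
		for back := 0; back < utf8.UTFMax; back++ {
			// RuneStart is false only for continuation bytes (10xxxxxx).
			if utf8.RuneStart(buf[max-back]) {
				cut = max - back
				break
			}
		}
		chunks = append(chunks, buf[:cut])
		buf = buf[cut:]
	}
	if len(buf) > 0 {
		chunks = append(chunks, buf)
	}
	return chunks
}

func main() {
	// Constructed samples: a valid multi-byte stream, and a run of stray
	// continuation bytes (0x80), which is malformed UTF-8.
	valid := []byte("€€€€€")
	bad := []byte{0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80}
	for _, in := range [][]byte{valid, bad} {
		for _, c := range splitLog(in, 4) {
			fmt.Printf("%d bytes, valid=%v\n", len(c), utf8.Valid(c))
		}
	}
}
```

The backward search is bounded by utf8.UTFMax, so a buffer with no rune boundary near the cut point falls back to a fixed-size cut instead of searching further or emitting an empty chunk.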