oss-sec mailing list archives

CVE Requests: libimobiledevice and libusbmuxd

From: Seth Arnold <seth.arnold () canonical com>
Date: Wed, 25 May 2016 17:27:11 -0700

Hello MITRE, all,

Please assign CVE(s) to libimobiledevice and libusbmuxd; both libraries
accidentally bound a listening IPv4 TCP socket to INADDR_ANY rather than
INADDR_LOOPBACK:

https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196

I do not know who to credit with discovery.

Thanks

Attachment: signature.asc
Description:

Current thread:

CVE Requests: libimobiledevice and libusbmuxd Seth Arnold (May 25)
- Re: CVE Requests: libimobiledevice and libusbmuxd cve-assign (May 26)