oss-sec mailing list archives
CVE requests: OpenBSD httpd - 2 DoS
From: Pierre Kim <pierre.kim.sec () gmail com>
Date: Tue, 31 Jan 2017 20:00:29 +0100
Hello, Can you assign 2 CVE entries regarding OpenBSD httpd ? - DoS: CPU exhaustion with SSL client-initiated renegotiation, - DoS: Memory exhaustion by sending crafted HTTP requests with Bytes-range. Errata for 6.0/5.9 is in progress, the memory exhaustion has been patched today in -current (see http://marc.info/?l=openbsd-cvs&m=148587359420912&w=2 ). The advisory will be posted when http://www.openbsd.org/errata{59,60}.html are updated. Thank you, Regards, -- Pierre Kim pierre.kim.sec () gmail com @PierreKimSec https://pierrekim.github.io/
Current thread:
- CVE requests: OpenBSD httpd - 2 DoS Pierre Kim (Jan 31)
- Re: CVE requests: OpenBSD httpd - 2 DoS cve-assign (Feb 01)
- Re: CVE requests: OpenBSD httpd - 2 DoS Pierre Kim (Feb 02)
- Re: CVE requests: OpenBSD httpd - 2 DoS cve-assign (Feb 01)