|
Message-ID: <20160107111037.GO8020@coredump> Date: Thu, 7 Jan 2016 12:10:37 +0100 From: Nico Golde <oss-security+ml@...lde.de> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE id request: dhcpcd dhcpcd recently fixed two security issues. Can you assign CVE ids to these? http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9 can lead to a heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. exploitation is non-trivial, but i'd love to be proven wrong. http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d can lead to an invalid read/crash via malformed dhcp responses. not exploitable beyond DoS as far as I can judge. Kind regards, Nico
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.