Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20160126070228.0FB366C08F0@smtpvmsrv1.mitre.org>
Date: Tue, 26 Jan 2016 02:02:28 -0500 (EST)
From: cve-assign@...re.org
To: fw@...eb.enyo.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Linux potential division by zero in TCP code

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8a321ff72c785ed5e8b4cf6eda20b35d427390

> This may lead to a div-by-zero if the connection starts another cwnd
> reduction phase by setting tp->prior_cwnd to the current cwnd (0) in
> tcp_init_cwnd_reduction().

Use CVE-2016-2070.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWpxcsAAoJEL54rhJi8gl5VhcP/jESXeUc6StXDhNzxWKwNAMX
HTJ6wMy29qNG2fvAQWPnS63CVvPbnlkbpLDpQ9b9oG0lJ76IPXjgBI2k9ZOUbaBO
A8vRk4umLqEP5WySGa5GnJsz3MT01tD1nCsTMLaE0YxjL/4Jx7lpiC6HlKCz4yER
6sEqrxqVhLEVYgQ1N+7+kay1HH6yNkoqu00Z1YjzlihoWFYJ1OGicdMuz6DojBOb
fSKQBaSC471xNN3+NdEq/2b2C2mrqwxV9kTo34Wp0MOO6gXPy1cL89pvU9urN8WF
c89+BM/alw2lZmHNtKKuQpYDxBoaA/NQiDGB866FeUrTp4N5CSN2wWSuINnBkQjl
jCDp38o/LRwuzf1CXYMxJlf7ut2D+t5AWKC/ZfAHcb3CJyHRJ+Pdy1jpeJRWLt/o
3YNvy/oxGhUSRAej0fsmCZlTfNV7xPdKWzfBizpZIDIHf73yJChVn3Sh2qXe+IAQ
oJxnj9UYiafTKaHnJFmRUxUf0MtPBy5gu637hk7ej1tBqZY3HmaKxpth9d7BSKhV
z4NNNhD+8TA2QQkgWiQkqOyc0gEDFI7mqqHkrCr0N0ybBQW7n5f+yXzvKQCcN2qa
rvW5sQ727d1MnzmWeZYWiVY5w+RnxzwQgYrdcROLuV2zEgY6ENHhLVO5dObqErgZ
tV9XXTx2FUTvFwOxMSzu
=m2BO
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.