Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <s6oo8s-46ps-5o2p-2164-31s0no13r759@vanv.qr>
Date: Thu, 1 Apr 2021 01:20:24 +0200 (CEST)
From: Jan Engelhardt <jengelh@...i.de>
To: oss-security@...ts.openwall.com
Subject: Re: kopano-core 11.0.1: Remote DoS by memory
 exhaustion

On Friday 2021-03-19 13:44, Jan Engelhardt wrote:
>Initial publication, no CVE number yet (will request).
>[…]
>The "kopano-ical" program implements a network service/trivial HTTP server.
>It imposes no length restrictions on HTTP headers, which can be exploited
>to memory-exhaust the process and have it terminate.

This was assigned CVE-2021-28994.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.