On 28/08/17 09:27, Juan Manuel Fernandez wrote:
Hi,
Last weeks we were fuzzing dnsmasq and found this crash
(https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11597.html
<https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11597.html>) .
We tried to reach Simon on Friday but we have not had any response from
him. We asked mitre for a CVE id and were assigned CVE-2017-13704.
Be aware that it's a bank holiday Monday here in the UK which means it's
popular time to go away for a week or so with family/friends. This may
explain the lack of response so far.
Good that a CVE is assigned. Even better you've got some example
packets that induce the issue :-)
In our original mail to Simon we attached two packets as examples: one
that crash the application, and another where the memset is set to a
lenght of 0 (making it useless).
Regards,
Juan Manuel Fernandez
Tarlogic
Cheers,
Kevin
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
