| Summary: | <app-crypt/pgpdump-0.30: endless loop parsing specially crafted input (CVE-2016-4021) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | mrueg |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1328351 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2016-04-19 10:44:11 UTC
Version bumped.

amd64 x86 ppc sparc: Please stabilize

amd64 stable

x86 stable

ppc stable

sparc stable. Maintainer(s), please cleanup. Security, please vote.

CVE-2016-4021 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4021): The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.

GLSA Vote: No
@maintainer(s), please cleanup.

Cleaned.