On 28/08/17 09:27, Juan Manuel Fernandez wrote:

Last weeks we were fuzzing dnsmasq and found this crash (https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11597.html <https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11597.html>) . We tried to reach Simon on Friday but we have not had any response from him. We asked mitre for a CVE id and were assigned CVE-2017-13704.

Be aware that it's a bank holiday Monday here in the UK which means it's popular time to go away for a week or so with family/friends. This may explain the lack of response so far.

Good that a CVE is assigned. Even better you've got some example packets that induce the issue :-)

In our original mail to Simon we attached two packets as examples: one that crash the application, and another where the memset is set to a lenght of 0 (making it useless).

Juan Manuel Fernandez



Dnsmasq-discuss mailing list

Reply via email to