On 28/08/17 09:27, Juan Manuel Fernandez wrote:
Last weeks we were fuzzing dnsmasq and found this crash
We tried to reach Simon on Friday but we have not had any response from
him. We asked mitre for a CVE id and were assigned CVE-2017-13704.
Be aware that it's a bank holiday Monday here in the UK which means it's
popular time to go away for a week or so with family/friends. This may
explain the lack of response so far.
Good that a CVE is assigned. Even better you've got some example
packets that induce the issue :-)
In our original mail to Simon we attached two packets as examples: one
that crash the application, and another where the memset is set to a
lenght of 0 (making it useless).
Juan Manuel Fernandez
Dnsmasq-discuss mailing list