subject:"Bug#699267\: ircd\-hybrid\: Denial of service vulnerability in hostmask.c\:try_parse_v4_netmask\(\)"

Bug#699267: ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask()

2013-02-02 Thread Dominic Hargreaves

On Tue, Jan 29, 2013 at 05:38:36PM +0200, Henri Salo wrote: Mr. Bob Nomnomnom from Torland reported a denial of service security vulnerability in ircd-hybrid. Function hostmask.c:try_parse_v4_netmask() is using strtoul to parse masks. Documentation says strtoul can parse -number as well.

Bug#699267: ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask()

2013-01-29 Thread Henri Salo

Package: ircd-hybrid Version: 1:7.2.2.dfsg.2-6.2 Severity: grave Tags: security Mr. Bob Nomnomnom from Torland reported a denial of service security vulnerability in ircd-hybrid. Function hostmask.c:try_parse_v4_netmask() is using strtoul to parse masks. Documentation says strtoul can parse

Bug#699267: ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask()

2013-01-29 Thread Salvatore Bonaccorso

Control: retitle -1 ircd-hybrid: CVE-2013-0238 Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() Hi On Tue, Jan 29, 2013 at 05:38:36PM +0200, Henri Salo wrote: I have requested CVE identifier for this vulnerability. Was assigned now: CVE-2013-0238 Regards, Salvatore --