On 11/29/19 1:06 PM, on...@mistotebe.net wrote:
> thanks for the report, this should be fixed by commit
> 1dbf0e9441def3d6dbc0fa8fba3c2e86fa50fa19 in master.
Will this fix be added to 2.4.49 and when?
Ciao, Michael.
Will use the Major Security issue button next time. Also, I will wait with CVE ID request until a new release incl
step...@srlabs.de wrote:
> Note: After Cyrus SASL fixes the other issue #9123, I will request CVE id's
> for the two bugs and share them as a reference in the relevant issues
> (#9123, #9124)
Usual practice for CVEs is not to make them public until fixes are released. In
the future, you
On Fri, Nov 29, 2019 at 09:08:15AM +, step...@srlabs.de wrote:
> Unauthenticated remote denial-of-service through malformed ldap packet
> caused by a null pointer dereference in ber_skip_tag function
> (libraries/liblber/decode.c).
>
> ==4066091==by 0x4FD051: cancel_extop (cancel.c:52)
Full_Name: Stephan Zeisberg
Version: 2.4.48
OS: Fedora 31 (kernel 5.3.11-300.fc31.x86_64)
URL:
Submission from: (NULL) (217.228.59.1)
# Issue description
Unauthenticated remote denial-of-service through malformed ldap packet caused by
a null pointer dereference in ber_skip_tag function