diff options
| author | Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> | 2018-04-13 20:49:04 +0000 |
|---|---|---|
| committer | Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> | 2018-04-13 20:49:04 +0000 |
| commit | 4f86aadb156f78dd1c38d9dccf5f96751e617c73 (patch) | |
| tree | de6a8d5d8364765a48b49e52abc31e4b4ef33460 | |
| parent | 8cdc2dba6233ff59c04e610a59cca89a325a4e57 (diff) | |
Notes
| -rw-r--r-- | security/vuxml/vuln.xml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2a320818d656..abbdcf248bc0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,50 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="1fccb25e-8451-438c-a2b9-6a021e4d7a31"> + <topic>nghttp2 -- Denial of service due to NULL pointer dereference</topic> + <affects> + <package> + <name>libnghttp2</name> + <name>nghttp2</name> + <range><ge>1.10.0</ge><lt>1.31.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>nghttp2 blog:</p> + <blockquote cite="https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/"> + <p>If ALTSVC frame is received by libnghttp2 and it is larger than it can + accept, the pointer field which points to ALTSVC frame payload is left + NULL. Later libnghttp2 attempts to access another field through the + pointer, and gets segmentation fault.</p> + <p>ALTSVC frame is defined by RFC 7838.</p> + <p>The largest frame size libnghttp2 accept is by default 16384 bytes.</p> + <p>Receiving ALTSVC frame is disabled by default. Application has to + enable it explicitly by calling + nghttp2_option_set_builtin_recv_extension_type(opt, NGHTTP2_ALTSVC).</p> + <p>Transmission of ALTSVC is always enabled, and it does not cause this + vulnerability.</p> + <p>ALTSVC frame is expected to be sent by server, and received by client + as defined in RFC 7838.</p> + <p>Client and server are both affected by this vulnerability if the + reception of ALTSVC frame is enabled. As written earlier, it is useless + to enable reception of ALTSVC frame on server side. So, server is + generally safe unless application accidentally enabled the reception of + ALTSVC frame.</p> + </blockquote> + </body> + </description> + <references> + <url>https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/</url> + <cvename>CVE-2018-1000168</cvename> + </references> + <dates> + <discovery>2018-04-04</discovery> + <entry>2018-04-13</entry> + </dates> + </vuln> + <vuln vid="48894ca9-3e6f-11e8-92f0-f0def167eeea"> <topic>roundcube -- IMAP command injection vulnerability</topic> <affects> |