oss-sec mailing list archives
Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode
From: Josh Bressers <bressers () redhat com>
Date: Mon, 2 Aug 2010 18:32:14 -0400 (EDT)
----- "Dan Rosenberg" <dan.j.rosenberg () gmail com> wrote:
> This seems to be a bit of a slippery slope. While I have no problem with these particular issues being assigned CVEs, since they were treated as security issues, fixed, and caused unintended application behavior, I have to wonder if maybe it's a bad idea to give CVEs for crashes of this variety. Denial-of-service issues are tricky. In my opinion, the following types of DoS bugs are security relevant:

I agree with you on this. I gave it an ID, as I'm going to presume that the cabextract application is likely used in things like virus and mail scanners, where we don't want a crashing application.

One of the unfortunate aspects of assigning a large number of CVE ids is that sometimes I have to assume things, as I lack the time to properly understand what's going on for everything. I figure it's easier to dispute an ID than end up in the situation where a scary exploit vector is found later. You are welcome to, and should, dispute this if you think I'm mistaken. I would have likely turned down such a request for, say, an image viewer.

Thanks for the followup though, it's nice to know someone is watching us watchers ;)

--
JB