oss-sec mailing list archives
Re: CVE Request -- libvoikko -- DoS of application linked against libvoikko due improper handling of embedded null characters in input strings
From: Josh Bressers <bressers () redhat com>
Date: Mon, 13 Jun 2011 15:47:11 -0400 (EDT)
Steve, Can MITRE comment on this one? I'm not really sure what to do. The core issue, embedded null characters seems to be the same for both Java and Python, but the fix covers two different bits of code. My guess is it's just one ID, but I'd like to be certain. Thanks. -- JB ----- Original Message -----
Hello, Josh, Steve, vendors, A denial of service flaw was found in the way Python and Java interfaces of libvoikko, a library for spellcheckers and hyphenators, processed embedded null characters in input strings. If a specially- crafted input string was provided to an application linked against libvoikko, it could lead to that particular application termination. References: [1] http://voikko.sourceforge.net/releases.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=712863 Upstream patches: [3] http://voikko.svn.sourceforge.net/viewvc/voikko?view=revision&revision=3901 [4] http://voikko.svn.sourceforge.net/viewvc/voikko?view=revision&revision=3902 [5] http://voikko.svn.sourceforge.net/viewvc/voikko?view=revision&revision=3903 Could you allocate a CVE identifier for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- libvoikko -- DoS of application linked against libvoikko due improper handling of embedded null characters in input strings Jan Lieskovsky (Jun 13)
- Re: CVE Request -- libvoikko -- DoS of application linked against libvoikko due improper handling of embedded null characters in input strings Josh Bressers (Jun 13)