Bug #2860

CVE-2013-4180 - Potential DoS in HostsController

Added by Marek Hulán over 1 year ago. Updated about 1 year ago.

Status: Closed
Start date: 07/30/2013
Priority: Normal
Due date:
Assigned To: Marek Hulán
% Done: 100%
Category: Security
Target version: 1.2.2
Difficulty:
Bugzilla link:
Found in release:
Pull request:
Story points: -
Velocity based estimate: -

Description

HostController#power and HostController#ipmi_boot convert user input to a symbol, which could lead to memory exhaustion. Patch already sent, so setting Ready For Testing status.

0001-fixes-2860-don-t-convert-arbitrary-input-into-symbol.patch (2.09 KB) Dominic Cleal, 07/30/2013 01:19 PM

0001-fixes-2860-don-t-convert-arbitrary-input-into-symbol.patch - added CVE identifier (2.09 KB) Dominic Cleal, 08/19/2013 12:39 PM
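
The pattern the description names, next to an allowlist lookup that avoids it, as an added Ruby example. This is not Foreman's code or the attached patch; the action names and helper names are assumptions made for illustration.

```ruby
# Added illustration, not Foreman's code. The action names and helper
# names below are assumptions made for the example.
POWER_ACTIONS = {
  'start' => :start,
  'stop'  => :stop,
  'reset' => :reset,
  'state' => :state
}.freeze

# Pattern the issue describes: every distinct request value is interned.
# On Ruby releases before 2.2 symbols are never garbage collected, so
# unique values sent in a loop grow the symbol table without bound.
def unsafe_action(param)
  param.to_s.to_sym
end

# Hardened form: look the raw string up in a fixed table and never call
# to_sym on request data. Unknown values yield nil so the caller can
# answer with an error instead of dispatching.
def safe_action(param)
  POWER_ACTIONS[param.to_s]
end

# True if a symbol with this exact name is currently in the symbol table.
# Scans the table rather than calling to_sym, which would itself intern it.
def interned?(name)
  Symbol.all_symbols.any? { |sym| sym.to_s == name }
end

# Constructed request values: one valid action, three unexpected ones.
def demo
  inputs = ['reset', 'constructed_bogus_1', 'constructed_bogus_2', '']
  inputs.map { |value| [value, safe_action(value)] }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |value, action| puts "#{value.inspect} -> #{action.inspect}" }
end
```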

Associated revisions

Revision d370f4aa
Added by Marek Hulán about 1 year ago

fixes #2860 - don't convert arbitrary input into symbols (CVE-2013-4180)

Revision e2988ac7
Added by Marek Hulán about 1 year ago

fixes #2860 - don't convert arbitrary input into symbols (CVE-2013-4180)

History

#1 Updated by Dominic Cleal over 1 year ago

Patch ACKed by me, pending merge with 1.2.1 release.

#2 Updated by Marek Hulán over 1 year ago

  • Subject changed from Potential DoS in HostsController to CVE-2013-4180 - Potential DoS in HostsController

#3 Updated by Dominic Cleal over 1 year ago

  • Target version changed from 1.2.1 to 1.2.2

#5 Updated by Dominic Cleal about 1 year ago

  • Private changed from Yes to No

#6 Updated by Marek Hulán about 1 year ago

  • Status changed from Pending to Closed
  • % Done changed from 0 to 100
