Project

General

Profile

Bug #2860

CVE-2013-4180 - Potential DoS in HostsController

Added by Marek Hulán almost 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

HostController#power and HostController#ipmi_boot convert user input to symbol which could lead to memory exhaustion. Patch already sent, so setting Ready For Testing status.

Associated revisions

Revision d370f4aa (diff)
Added by Marek Hulán over 5 years ago

fixes #2860 - don't convert arbitrary input into symbols (CVE-2013-4180)

Revision e2988ac7 (diff)
Added by Marek Hulán over 5 years ago

fixes #2860 - don't convert arbitrary input into symbols (CVE-2013-4180)

History

#1 Updated by Dominic Cleal almost 6 years ago

Patch ACKed by me, pending merge with 1.2.1 release.

#2 Updated by Marek Hulán almost 6 years ago

  • Subject changed from Potential DoS in HostsController to CVE-2013-4180 - Potential DoS in HostsController

#3 Updated by Dominic Cleal almost 6 years ago

  • Target version changed from 1.2.1 to 1.2.2

#5 Updated by Dominic Cleal over 5 years ago

  • Private changed from Yes to No

#6 Updated by Marek Hulán over 5 years ago

  • Status changed from Pending to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF