Project

General

Profile

Bug #2860

CVE-2013-4180 - Potential DoS in HostsController

Added by Marek Hulán about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

HostController#power and HostController#ipmi_boot convert user input to symbol which could lead to memory exhaustion. Patch already sent, so setting Ready For Testing status.

Associated revisions

Revision d370f4aa (diff)
Added by Marek Hulán about 5 years ago

fixes #2860 - don't convert arbitrary input into symbols (CVE-2013-4180)

Revision e2988ac7 (diff)
Added by Marek Hulán about 5 years ago

fixes #2860 - don't convert arbitrary input into symbols (CVE-2013-4180)

History

#1 Updated by Dominic Cleal about 5 years ago

Patch ACKed by me, pending merge with 1.2.1 release.

#2 Updated by Marek Hulán about 5 years ago

  • Subject changed from Potential DoS in HostsController to CVE-2013-4180 - Potential DoS in HostsController

#3 Updated by Dominic Cleal about 5 years ago

  • Target version changed from 1.2.1 to 1.2.2

#5 Updated by Dominic Cleal about 5 years ago

  • Private changed from Yes to No

#6 Updated by Marek Hulán about 5 years ago

  • Status changed from Pending to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF