Project

General

Profile

Actions
Copy link

Bug #2860

closed

CVE-2013-4180 - Potential DoS in HostsController

Added by Marek Hulán over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Marek Hulán
Category:
Security
Target version:
1.2.2
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

HostController#power and HostController#ipmi_boot convert user input to symbol which could lead to memory exhaustion. Patch already sent, so setting Ready For Testing status.

Files

0001-fixes-2860-don-t-convert-arbitrary-input-into-symbol.patch 0001-fixes-2860-don-t-convert-arbitrary-input-into-symbol.patch 2.09 KB Dominic Cleal, 07/30/2013 01:19 PM
0001-fixes-2860-don-t-convert-arbitrary-input-into-symbol.patch 0001-fixes-2860-don-t-convert-arbitrary-input-into-symbol.patch 2.09 KB added CVE identifier Dominic Cleal, 08/19/2013 12:39 PM
Actions
Copy link
 #1

Updated by Dominic Cleal over 10 years ago

Patch ACKed by me, pending merge with 1.2.1 release.

Actions
Copy link
 #2

Updated by Marek Hulán over 10 years ago

  • Subject changed from Potential DoS in HostsController to CVE-2013-4180 - Potential DoS in HostsController
Actions
Copy link
 #3

Updated by Dominic Cleal over 10 years ago

  • Target version changed from 1.2.1 to 1.2.2
Actions
Copy link
 #5

Updated by Dominic Cleal over 10 years ago

  • Private changed from Yes to No
Actions
Copy link
 #6

Updated by Marek Hulán over 10 years ago

  • Status changed from Pending to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF