Date: Fri, 13 Apr 2018 20:49:04 +0000 (UTC) From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r467268 - head/security/vuxml Message-ID: <201804132049.w3DKn4G0060968@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sunpoet Date: Fri Apr 13 20:49:04 2018 New Revision: 467268 URL: https://svnweb.freebsd.org/changeset/ports/467268 Log: Document nghttp2 vulnerability Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Apr 13 20:48:58 2018 (r467267) +++ head/security/vuxml/vuln.xml Fri Apr 13 20:49:04 2018 (r467268) @@ -58,6 +58,50 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="1fccb25e-8451-438c-a2b9-6a021e4d7a31"> + <topic>nghttp2 -- Denial of service due to NULL pointer dereference</topic> + <affects> + <package> + <name>libnghttp2</name> + <name>nghttp2</name> + <range><ge>1.10.0</ge><lt>1.31.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>nghttp2 blog:</p> + <blockquote cite="https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/">; + <p>If ALTSVC frame is received by libnghttp2 and it is larger than it can + accept, the pointer field which points to ALTSVC frame payload is left + NULL. Later libnghttp2 attempts to access another field through the + pointer, and gets segmentation fault.</p> + <p>ALTSVC frame is defined by RFC 7838.</p> + <p>The largest frame size libnghttp2 accept is by default 16384 bytes.</p> + <p>Receiving ALTSVC frame is disabled by default. Application has to + enable it explicitly by calling + nghttp2_option_set_builtin_recv_extension_type(opt, NGHTTP2_ALTSVC).</p> + <p>Transmission of ALTSVC is always enabled, and it does not cause this + vulnerability.</p> + <p>ALTSVC frame is expected to be sent by server, and received by client + as defined in RFC 7838.</p> + <p>Client and server are both affected by this vulnerability if the + reception of ALTSVC frame is enabled. As written earlier, it is useless + to enable reception of ALTSVC frame on server side. So, server is + generally safe unless application accidentally enabled the reception of + ALTSVC frame.</p> + </blockquote> + </body> + </description> + <references> + <url>https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/</url>; + <cvename>CVE-2018-1000168</cvename> + </references> + <dates> + <discovery>2018-04-04</discovery> + <entry>2018-04-13</entry> + </dates> + </vuln> + <vuln vid="48894ca9-3e6f-11e8-92f0-f0def167eeea"> <topic>roundcube -- IMAP command injection vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804132049.w3DKn4G0060968>