oss-sec mailing list archives
Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug
From: Luigi Auriemma <aluigi () autistici org>
Date: Fri, 2 Jul 2010 18:31:42 +0100
Though not sure, if the true reason for this is: 1, either Mumble server calling relevant Qt SQLite function in improper way or 2, deficiency in that particular Qt function itself
Hey Jan, I have not debugged the problem because I contacted directly the author immediately after the finding, so the following are his words in reply to the report of this specific bug: "The second seems to be a .. "feature" of SQLite; it bails if you have too many almost-but-not-really-utf8 chars in a 'like' query. We can probably add a workaround for that." So the problem "seems" to be caused by SQLite but should be necessary to see in its manual if there are references about limitations that the developers should respect or something else. BYEZ --- Luigi Auriemma http://aluigi.org
Current thread:
- CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Jan Lieskovsky (Jul 02)
- Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Luigi Auriemma (Jul 02)
- Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Raphael Geissert (Jul 02)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 16)
- Re: Qt SSL endless loop Josh Bressers (Jul 16)
- Re: Qt SSL endless loop Vincent Danen (Jul 16)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 19)
- Re: Qt SSL endless loop Vincent Danen (Jul 19)
- Re: Qt SSL endless loop Steven M. Christey (Aug 20)
- Re: Qt SSL endless loop Vincent Danen (Aug 20)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 16)