oss-sec mailing list archives

Re: Questionable CVE's reported against dnsmasq


From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 14 Nov 2025 09:31:48 -0500

On Fri, Nov 14, 2025 at 1:44 AM Peter Gutmann <pgut001 () cs auckland ac nz> wrote:
>
> Jacob Bachmeyer <jcb62281 () gmail com> writes:
>
> > Ah yes, the universal arbitrary code execution exploit:  simply replace the
> > program text with malicious code.  :-)
>
> Can we call it CVE-Zero?  :-P
>
> The best one I've run into is enabling an undocumented internal build option
> that turns on extra code for coverage/fuzz testing, then reporting it as a
> vuln while ignoring the fact that the debug code also implements SSLKEYLOGFILE
> which dumps the plaintext TLS master secret to the diagnostic output.
>
> Aside from the OpenSSH pseudovulnerability that started all this, anyone else
> have any interesting stories?

Crypto++ earned a CVE for documentation: CVE-2016-7420,
<https://seclists.org/oss-sec/2016/q3/520>.

Folks outside the project ported the Crypto++ library to another build
system, but did not use the same build flags that Crypto++ uses.  Then
an assert fired because the ported build was a debug build.  Crypto++
caught a CVE for a DoS.  The CVE folks told the Crypto++ library that
the behavior should have been documented.

Jeff

