mhonarc-dev

[bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting

2010-12-30 14:45:20

URL:
  <http://savannah.nongnu.org/bugs/?32014>

                 Summary: CVE-2010-1677: DoS when processing html messages
with deep tag nesting
                 Project: MHonArc
            Submitted by: ehood
            Submitted on: Thu 30 Dec 2010 02:45:51 PM CST
                Category: MIME Filter
                Severity: 6 - Security
              Item Group: Undesired Behavior
                  Status: In Progress
                 Privacy: Private
             Assigned to: ehood
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: All
            Perl Version: All
       Component Version: 2.6.16
           Fixed Release: 

    _______________________________________________________

Details:

If a malformed HTML message contains something like the following:

  <bo<bo<bo<bo<body>dy>dy>dy>dy>

But to a much larger extent, will cause mhonarc to consume
a alot of CPU resources to strip out the data.




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?32014>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/

---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV

<Prev in Thread] Current Thread [Next in Thread>