kazu-yamamoto / pgpdump

A PGP packet visualizer
http://www.mew.org/~kazu/proj/pgpdump/
BSD 3-Clause "New" or "Revised" License
174 stars 33 forks source link

fix endless loop on invalid 2 Byte input \xa3\x03 (SYSS-16-030) #16

Closed keisentraut closed 8 years ago

kazu-yamamoto commented 8 years ago

Thank you for your report. This is a serious bug.

Your patch prevents the endless loop, however, disables pgpdump to analyze anything. The above patch fixes this.

kazu-yamamoto commented 8 years ago

Version 0.30 has been released: http://www.mew.org/~kazu/proj/pgpdump/en/

keisentraut commented 8 years ago

I wrote cve-assign@mitre.org about this, they assigned CVE-2016-4021 for this vulnerability. Please see CVE-2016-4021_MITRE_Reply.txt for their answer.

kazu-yamamoto commented 8 years ago

@keisentraut Thank your your contribution to make pgpdump more stable!