[Git][security-tracker-team/security-tracker][master] Concluded that CVE-2024-25768 is a minor issue.
Ola Lundqvist (@opal)
opal at debian.org
Mon Mar 4 23:09:56 GMT 2024
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4da981b2 by Ola Lundqvist at 2024-03-05T00:08:30+01:00
Concluded that CVE-2024-25768 is a minor issue.
The issue occurs if a null list buffer is provided but a non-zero length
of that buffer is provided. In opendmarc itself this will never happen
because the list buffer is always provided with null value and zero
length.
When opendmarc is used as a library it is reasonable to assume that
providing a null list and non-zero value for such a list is a
programming error.
There are no reverse dependencies for libopendmarc-dev in buster.
If someone builds an application that has such an error it is likely
going to have other more severe problems. It is still a vulnerability
but the vulnerability is more in the application calling this function
than something else.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2653,6 +2653,7 @@ CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in /libming/s
- ming <removed>
CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in / ...)
- opendmarc <unfixed>
+ [buster] - opendmarc <no-dsa> (Minor issue)
NOTE: https://github.com/LuMingYinDetect/OpenDMARC_defects/blob/main/OpenDMARC_detect_1.md
CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/s ...)
NOT-FOR-US: NanoMQ
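Review bot: The added `[buster] - opendmarc <no-dsa> (Minor issue)` line records the verdict but not the reason, so the analysis in the commit message is invisible to anyone reading data/CVE/list without the git history. Consider adding a NOTE line under the CVE-2024-25768 entry that summarizes it: the dereference requires a null list buffer passed with a non-zero length, opendmarc itself always passes a null list with zero length, and libopendmarc-dev has no reverse dependencies in buster. That also makes the decision easier to revisit if a library consumer appears later, since the commit message itself states that this is still a vulnerability and the unsuffixed entry stays `<unfixed>`.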
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4da981b21fb6ef71f9d3230708c2589372934e34