[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2014-7187 and CVE-2014-6278

From: Greg Wooledge
Subject: Re: CVE-2014-7187 and CVE-2014-6278
Date: Mon, 17 Nov 2014 08:49:59 -0500
User-agent: Mutt/

On Mon, Nov 17, 2014 at 04:30:07PM +0800, Jack wrote:
> As title, what difference between CVE-2014-7187 and CVE-2014-6278 ?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187 says
"Off-by-one error in the read_token_word function in parse.y"
So it's just another dumb parser bug, nothing to do with remote
exploitation really.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278 is the
REAL bug.  This is the root cause of all the remote exploitation
badness.  The patches which fix this problem fix remote exploitation
of ALL the dumb parser bugs by closing off the attack vector.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]