Monday, 19 May 2014

CVE-2014-3788 and MS14-028

Zero Day Initiative (ZDI) has published another advisory for a heap buffer overflow vulnerability in Cogent DataHub webserver that i found. The bug occured when passing a negative value in the Content-Length header. The original advisory can be read here ZDI-14-135.

Recently i also have been acknowledged by Microsoft for responsible disclosure (through SSD) of two denial of service vulnerabilities affecting the iSCSI Target (CVE-2014-0255 and CVE-2014-0256). MS Bulletin can be found here MS14-028.

No comments:

Post a comment