Steffen Joeris wrote:
> CVE-2007-6103:
>
> I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a
> denial of service (infinite loop) via a packet that contains zero in the
> size field in its header, which is improperly handled by the
> Receiver::processPacket function; and (2) a denial of service (daemon
> crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does
> not specify the mode, which is improperly handled by the Player::ring
> function in Player.cpp.
>
> When you fix this, please mention the CVE id in your changelog.
> Thanks for your efforts.
I'm not convinced that this is more than a regular bug: ihu is
| Description: Qt VoIP softphone with an own, encrypted protocol
| IHU creates an audio stream between two computers easily and with the minimal
| traffic on the network.
Performing the "attack" described above is effectively a creative way to
hang up. We wouldn't call hanging up remote DoS either...
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
