Hi, I noticed that using the dict regular expression search feature, it is possible to get extremely large amounts of data from a server with dictd running, for example `dictd -s regexp [a-z]` would return the entire dictionary (assuming that all headwords contained a lower case letter).
My concern is that for larger dictionaries, an attacker could repeatedly make requests for significant portions of the dictionary, thus leading to denial of service. This could potentially be mitigated by imposing a limit on the amount of data that can be sent per request.

Yours sincerely,
Riley Baird
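The per-request limit suggested in the message above, sketched as an added example; it is not part of the original message and not dictd's own code. The function `capped_regexp_match`, the `max_bytes` budget and the `HEADWORDS` list are hypothetical names and constructed data.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample index; a real dictionary holds far more headwords. */
static const char *HEADWORDS[] = { "apple", "banana", "cherry", "DATE", "elderberry", "fig" };
#define N_HEADWORDS (sizeof HEADWORDS / sizeof HEADWORDS[0])

struct match_result {
    size_t sent;      /* headwords written to the reply */
    size_t bytes;     /* reply bytes, counting CRLF after each headword */
    int truncated;    /* 1 if the budget stopped the scan early */
};

/* Hypothetical handler (not dictd's code). max_bytes is an assumed
 * per-request reply budget. Returns 0 on success, -1 on a bad pattern. */
int capped_regexp_match(const char *pattern, size_t max_bytes,
                        char *out, size_t out_size, struct match_result *res)
{
    regex_t re;
    memset(res, 0, sizeof *res);
    if (out_size == 0 || regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    size_t limit = max_bytes < out_size - 1 ? max_bytes : out_size - 1;
    for (size_t i = 0; i < N_HEADWORDS; i++) {
        if (regexec(&re, HEADWORDS[i], 0, NULL, 0) != 0)
            continue;
        size_t len = strlen(HEADWORDS[i]);
        if (res->bytes + len + 2 > limit) {   /* next line would overrun */
            res->truncated = 1;
            break;
        }
        memcpy(out + res->bytes, HEADWORDS[i], len);
        memcpy(out + res->bytes + len, "\r\n", 2);
        res->bytes += len + 2;
        res->sent++;
    }
    out[res->bytes] = '\0';
    regfree(&re);
    return 0;
}

int main(void)
{
    char reply[256];
    struct match_result r;
    if (capped_regexp_match("[a-z]", 16, reply, sizeof reply, &r) == 0)
        printf("%zu sent, %zu bytes, truncated=%d\n", r.sent, r.bytes, r.truncated);
    return 0;
}
```

The `truncated` flag lets the server tell the client that the result set was cut short rather than silently dropping matches.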