Hayden Nier edited this page Dec 19, 2016 · 4 revisions

## CVE-2015-0228: Researched by Joshua James

#### Commits

###### Fix

  • Github - Hash
  • Number: 643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef
  • Date: February 4, 2015

###### Introduction

  • Github - Hash
  • Number: 445a18eb22d98166df9acbb4b3d50c9220115e2d
  • Date: September 11, 2013

#### Authors:

###### Fixer

  • covener
  • Eric Covener
  • Senior Software Engineer @ IBM
  • BS Computer Security 2003
  • No evidence of a bounty

###### Discoverer

###### Introducer

  • Humbedooh
  • Daniel Gruno
  • Senior Infrastructure Architect @ Apache Software Foundation
  • MS Human Resources 2010

#### Mistake:

If the opcode needed to be reacted to, the function called itself again from the start. This caused extra processing and could potentially exhaust the stack through the number of variables that were created.

#### Description:

The fix was to create a while loop that the method stays in until the opcode no longer needs to be reacted to. This was exploited through “stack exhaustion”, as stated by Mr. Vranken on his WordPress site.

#### Tested

No

#### Exploits

None found.

This was fixed in patch 2.4.24
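
The recursion-versus-loop difference described under Mistake and Description, shown as an added example that is not httpd's code or the fix commit. The one-byte frame format and the names `read_recursive`, `read_loop` and `peak_depth` are hypothetical, the ping opcode (0x9 in RFC 6455) is assumed to be the opcode that needs a reaction, and the code measures call depth rather than exhausting the stack.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model: one opcode byte per "frame". OP_PING (0x9 in RFC 6455)
 * stands in for the opcode that must be reacted to (assumption). */
enum { OP_TEXT = 0x1, OP_PING = 0x9 };
struct stream {
    const unsigned char *buf;
    size_t len, pos, depth, max_depth, pongs; /* depth = call-depth probe */
};

/* Pre-fix shape: reacting re-enters the whole function, so each ping from
 * the peer costs one more stack frame. */
int read_recursive(struct stream *s)
{
    int op = -1;
    if (++s->depth > s->max_depth) s->max_depth = s->depth;
    if (s->pos < s->len) {
        op = s->buf[s->pos++];
        if (op == OP_PING) { s->pongs++; op = read_recursive(s); }
    }
    s->depth--;
    return op;
}

/* Post-fix shape: loop until the opcode needs no reaction; stack use no
 * longer depends on peer input. */
int read_loop(struct stream *s)
{
    int op = -1;
    if (++s->depth > s->max_depth) s->max_depth = s->depth;
    while (op == -1 && s->pos < s->len) {
        int cur = s->buf[s->pos++];
        if (cur == OP_PING) s->pongs++; else op = cur;
    }
    s->depth--;
    return op;
}

/* Peak call depth for `pings` pings + one text frame; 0 on mishandling. */
size_t peak_depth(int (*reader)(struct stream *), size_t pings)
{
    static unsigned char buf[4096];
    if (pings >= sizeof buf) return 0;
    memset(buf, OP_PING, pings);
    buf[pings] = OP_TEXT;
    struct stream s = { buf, pings + 1, 0, 0, 0, 0 };
    return (reader(&s) == OP_TEXT && s.pongs == pings) ? s.max_depth : 0;
}
```

With 1000 pings ahead of the text frame, the recursive reader peaks at a depth of 1001 calls while the loop reader stays at 1, which is the property the fix restores: stack use that does not scale with peer-controlled input.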
