Project

General

Profile

Actions
Copy link

Security #8304

closed
PA PA

dcerpc: internal buffering logic leads to quadratic complexity

Security #8304: dcerpc: internal buffering logic leads to quadratic complexity

Added by Philippe Antoine 4 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
7.0.15
Affected Versions:
Label:
CVE:
2026-31937
Git IDs:

281f419c0481f7d24d8ce5482b962673a3938e9b

Severity:
HIGH
Disclosure Date:
05/18/2026
GHSA:
GHSA-86vg-w8vm-m3gg

Description

Found by oss-fuzz
https://issues.oss-fuzz.com/u/1/issues/485091383
Fixed in 8 and main by #5699

PA Updated by Philippe Antoine 4 months ago Actions
Copy link
 #2

  • Status changed from Assigned to In Review

Gitlab MR

SB Updated by Shivani Bhardwaj 4 months ago Actions
Copy link
 #3

  • Subject changed from dcerpc: internal buffering with split_off(0) leads to quadratic complexity to dcerpc: internal buffering logic leads to quadratic complexity

VJ Updated by Victor Julien 4 months ago Actions
Copy link
 #4

  • Severity set to HIGH

Causes high processing cost, leading to reduction of availability. So HIGH.

JI Updated by Jason Ish 4 months ago Actions
Copy link
 #5

  • CVE set to 2026-31937

VJ Updated by Victor Julien 4 months ago Actions
Copy link
 #6

  • Status changed from In Review to Resolved
  • Git IDs updated (diff)

VJ Updated by Victor Julien 3 months ago Actions
Copy link
 #8

  • Status changed from Resolved to Closed

SB Updated by Shivani Bhardwaj 3 months ago Actions
Copy link
 #9

  • Private changed from Yes to No

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #10

  • GHSA set to GHSA-86vg-w8vm-m3gg
Actions
Copy link

Also available in: PDF Atom