From nobody Wed Jul 03 13:00:41 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WDfz30YlZz5PF7t for ; Wed, 03 Jul 2024 13:00:47 +0000 (UTC) (envelope-from stephen.wall@redcom.com) Received: from GCC02-DM3-obe.outbound.protection.outlook.com (mail-dm3gcc02on20700.outbound.protection.outlook.com [IPv6:2a01:111:f403:2419::700]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WDfz220ryz4lw8 for ; Wed, 3 Jul 2024 13:00:46 +0000 (UTC) (envelope-from stephen.wall@redcom.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=redcomlaboratories.onmicrosoft.com header.s=selector1-redcomlaboratories-onmicrosoft-com header.b=N32UDsiJ; dmarc=none; spf=pass (mx1.freebsd.org: domain of stephen.wall@redcom.com designates 2a01:111:f403:2419::700 as permitted sender) smtp.mailfrom=stephen.wall@redcom.com; arc=pass ("microsoft.com:s=arcselector9901:i=1") ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GnqIYcgyAcWvHPNPZ/ykORuHRDCRvASmMbwrlkLIlNFjzTK1yXCyPJz0cM6HrXKa7HD2zzQV3eJJO7tQd6JOTQyRaqW0aFPy0Vjy71iCX7cCp5IW+a1HS3cuCo9nGvM4vgC08GwDOrmNV+4quBCMBSqmvCj/J9wgDftvyJKUj1PvEFSYLXNAD7oSMWWEuZ6MpbLBktnLtHzkkH5cRrF1Zh4hEr080ScdofSwuW4RobF5aXjCwz3rSyfKwlKVFn/st2yKcen8S1ENnzTwm6quaMTRxRdPlo2RVHQfUehZQglGCWDSygHMgl2I0Nx0yCYKrO8n3+BJzKfXcOu9we5gjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aNh9aTBaKS7tdIfRS9u+qgSwfdtuve+SCosLxJc0X3E=; b=jdUAhMJVyXsFCsSTGlvzHsoWLVgRClpYpM8iYyl6rnyv/uUjJ10EQ8d543C/Cy3/9yPi5J691MjNei9Dvpfw7hteooXo2s/bKs8z6TjFNUK+pero4CgWcGQDC105uBpFd8AX4E1XdF92lrSf/EUV4H7dUu4Ynv5m9hNshWXi3ZiUATfhAMhzTHI2KLZS9W6RlfffTqpHzjdXQ6RYmCbKKH/+jyJ0yYCi5XbTueL6tLy1WcrNPexcaipFHPdkkxA+65lOWHNriPVHhDBv1ebfHjjOMCF63JSgkVEkDFxQarETEJsQYBXTFjY3IHLqpLJbRI9xF0R99eRagD8oLwlxPg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=redcom.com; dmarc=pass action=none header.from=redcom.com; dkim=pass header.d=redcom.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redcomlaboratories.onmicrosoft.com; s=selector1-redcomlaboratories-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aNh9aTBaKS7tdIfRS9u+qgSwfdtuve+SCosLxJc0X3E=; b=N32UDsiJykVayV16tNcupptRW0DG761jplB6w1mXMi2zjvTZ/vNERAScIeXmQDImGMWlec/KJ9/hTRH600J/ZlakBXOb8pR9FWDdgNdiyc4t6kbusVxJEcctzmnxi+fSm1uzsN8Rrp5gZQRaxfvXZG2n3AibfYb4S/5PwvvJKa9mHbYfUT4yfjJjiZAEaDA95eeVod15ldOZHjdJY9hXarqaDonk2Jn6vfRs8zZNOw0B8iabxqy5wy2JgBHkXdQ5HFlEjMcUICQpQMfsGU9TSZyyiG6VjyR0n4tEfqtqh5jkQfTzSvsSjBDTaAj5R5e0Ypl8zJYP/fUEZT4L9LyLJQ== Received: from MW4PR09MB9284.namprd09.prod.outlook.com (2603:10b6:303:1f2::12) by DM8PR09MB6887.namprd09.prod.outlook.com (2603:10b6:5:2e8::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.25; Wed, 3 Jul 2024 13:00:41 +0000 Received: from MW4PR09MB9284.namprd09.prod.outlook.com ([fe80::7849:d1ba:7ac7:46e]) by MW4PR09MB9284.namprd09.prod.outlook.com ([fe80::7849:d1ba:7ac7:46e%4]) with mapi id 15.20.7741.017; Wed, 3 Jul 2024 13:00:41 +0000 From: "Wall, Stephen" To: "freebsd-security@freebsd.org" Subject: RE: CVE 2024 1931 - unbound Thread-Topic: CVE 2024 1931 - unbound Thread-Index: AdrH8HE4aG8eCTkTSMeV03DrXWBN0gCY2pKWALz8PbA= Date: Wed, 3 Jul 2024 13:00:41 +0000 Message-ID: References: <86jzi71tjx.fsf@ltc.des.dev> In-Reply-To: <86jzi71tjx.fsf@ltc.des.dev> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR09MB9284:EE_|DM8PR09MB6887:EE_ x-ms-office365-filtering-correlation-id: 050c7cc9-0133-49cc-b79c-08dc9b602484 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|41320700013|38070700018; x-microsoft-antispam-message-info: =?utf-8?B?MVlHQ1B2clBvcURGNkNoOG1obEM3UG5nbERleVBjTmp0aTVkbi94eVphY0lj?= =?utf-8?B?ejI1dkcva0VzU1Z2R2VqY3JWQjRZdDJueUdzcXBnT1FEaXQzSXpEV082cnZS?= =?utf-8?B?QWlHWDBZRER5NDQ1NVFjVkZjNUZ3L2Vxcmpwa3NMOWY1SVVNVW50bUo5VGVh?= =?utf-8?B?aFY5VkxkcENqS0J6U0ZRTVkzd0lSbncydUxyOFhOckhmaGlSOWlSdEpxR0l6?= =?utf-8?B?SkN4UVkxYmNDOWdyS0RsdFgxL2QxM1BHbUNMSDFBOWIyR3dVZ1o2NHJyVHBD?= =?utf-8?B?UDh4M1FtSVJEVDFrcDBkeTRkT1VONDFhNUNLMHU0OStXdjRlUnNiNXJWSnFk?= =?utf-8?B?aTBpV0ZkSkI0Yys1MmIxMmo2U3lldzlPUHQxNmZjMXF0T2ZzVFBwSkxwMkFL?= =?utf-8?B?aFljZkRYZjNMaTgyUS9CWHlRNjZzb3dlZDIvRHpXTjY4WWl6S2ZLeU9EekVN?= =?utf-8?B?U0tyMjllcVZGcG1zRFFEN096eUhOdGsvK2RpcDVMY2FUdTdBck9jcnpvcnNC?= =?utf-8?B?NFZXdS9vZDl3c3daRFlDalpzTlFMemp6QjBJWWl5Q3B1QnZ1K3BoUENydjU0?= =?utf-8?B?V2NYb0tsb0EyNXNFM3Yvb3RuMkI0dVRudFVqY21NYlZTM1N2OHNHeHIvZFFr?= =?utf-8?B?MW1SSzAwaW9SNGRITXhWUDdXU1lVZXNlNXgxUTZjZmJQTU1oY0lKV0xBOElK?= =?utf-8?B?amxvYlRQWFhUdmV6TC90SW1vZ1ZINGoyQk95cHFDTE5tT1BObndBZFh0cU5J?= =?utf-8?B?RjBEWXFDOE5UdUNsU1ZXNTZmanJxWGNnaVZJUFdQRWl1UHV2MElaYUNJQ3By?= =?utf-8?B?NzM3Wkp2bGQrK0duRHlxaVB1dXVFQ3hXZlZMdFk3YUJJK1R0YUNuZy9LM1RG?= =?utf-8?B?R2x5NGtRSS8vVjYrems5b2V6NGxWaS9wUmxJM2dmYTY1WjVKYjZvNWgxUkc1?= =?utf-8?B?ZDFQQUZUS0hUdmd4WVJrYjFWQUpuRjl3MWtJNjlvQnF2WW1MWTAwVlVDVnQ2?= =?utf-8?B?SndGY0NPakFJa1h6WTNqbWV1MW1CU3BCWFNRN1cvU0JIblVadEZ1Z0t4RFYy?= =?utf-8?B?bGx0WHEweGgxa3hRSjJUZTlkaXdrRWEwSWlMMmtBdFY0KzBYd05DNEJ0R1g4?= =?utf-8?B?ZC9aVUt1TU9FRGdFTUd6TmZkYVAwMVZxTjBPRDJTY0kvVHUxNHc2eWVPYVZZ?= =?utf-8?B?eFNEOTRlam84THFOSzhrdEgxNUEzTDdjYXF5dFd3eitCR0FjUzdzSWJ2b1JK?= =?utf-8?B?SEtoUWhwWnNNRGsvWWc2bWZBOFdDdFBIT0hEZ2xFekxTczZWeUd0UVVjd05y?= =?utf-8?B?Rk5nWFZwRCswVUFjb0Y3cE5uL0pVZW81NlE3aXlBcUVta0tGVXJJYmhHYUpn?= =?utf-8?B?U1c4K2kyRURsQWVoVkpTbThQYWJxNnNvKzN6SEI3Y0ZqZWVSQzVYSmRJTUFV?= =?utf-8?B?SndtaC8vMEFFOW45ZjM0MytuYlc3V3ZqZ2poMUo3bWRJLzVRWnFuS3VMdTVK?= =?utf-8?B?SEhQd0MvUHYwa1FiVDI1cEhSOUE0dk5uczNMRE54cTlNSlNoekpxUXEvaHhH?= =?utf-8?B?UHNsR2FURlVDeDVxTjlRcHpqWW5TY2lrUGh6TFU4SS83UWgzMkdTRWNJNFBv?= =?utf-8?B?RWxRQzZjQzZLbEl1RTRxRXl4UUhkZEVRdERMZktQWjI5ODZPT2dTRVAzVzlJ?= =?utf-8?B?bFBaWG1HVTg5K05aakNsUVJjeFVXTy83MHkzK3VhVGJ6VVN1OEtOWlRRaFl4?= =?utf-8?B?UmlLSFBzQ0UwVUNFUDFnRjhsajdEZmRaTXFQdlpuRlVqRUFWRnpqQnByWE5o?= =?utf-8?B?MDNSTXdaN2tJaGNZZTkyczNKQkx2YjljNW1BZC9jdUFhSWZpTkJuNmR5OUNj?= =?utf-8?B?TGI2dHlTcndNMzBod2E2Y2ZSYTVWS21FSmxzc1lDZEZJU0E9PQ==?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR09MB9284.namprd09.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(41320700013)(38070700018);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?K25JMHNDRDVIMW91TjRxTVRqQ1hUbVluMG5yUXNNNjhvaE0vWnhaaFA0SFo5?= =?utf-8?B?R1d6d2xZaVFnS3dyamVjU2sycFFscjYyRkFwWjQ3V05MZlQ2cWxTUHNHZWpx?= =?utf-8?B?UGh4cHMxVU9vREhhc2FHbDN2am1aZG00dWlOcHN4bE9kSUtORFFzRWZCNTVw?= =?utf-8?B?NEJUMHZvbVhLMnpjczNkdTg4WG11Ui9hS2M5OFFoZTMrc01DMVlIY0U0eXhV?= =?utf-8?B?TUJWcFkvZUh2eVEwYlk4alBZN2x4V2Z4K3EvQlo3QVo4U09WY0p0NWl4b3Z3?= =?utf-8?B?VFF2QnNISTVqcVdRRENTTEJwcDljQ2VPNUNlcldId2M3eW5aNTJveE9xUlo0?= =?utf-8?B?VTZpZTJKQmowWjdGZXlqSFNYYnFwSHZhK2pCVVl6VExpYVZXRWJaYVBGcENP?= =?utf-8?B?emx3Y2VHbzVyNmhSSzdKMW5xT2dXNFB0bnU3TmwwNnNBQVNQOGtHUEw3dDdH?= =?utf-8?B?cUM2bGUxYkl4ejJGd3lIRUpURWIzVG4rWnViYkdJYVhRMGs4V1lxUXVQNlU0?= =?utf-8?B?dzBJSzZTTEVFc3FlY0txaitwb0VjZ0w5OE1mRnRtdGNUdHE3emV4WWl2K1RN?= =?utf-8?B?N3UzMFIvS0pzblNGL2thNy9pZi9mU1o3a3prb2pnVVdHZThtL2FjUGs4b084?= =?utf-8?B?TUpuL1ROcHBtQTVzZUEycFJQbytJSS9UeDNhN1YwOW9YRzJUdnRzSXp6U05j?= =?utf-8?B?c3c2UmJMRHc2LzZMR2NYQzk0Wmp2K040T2JwS210Y21MaTRXL2g1a01XeGJO?= =?utf-8?B?S3docmRFWWozdkk2ZVdXS0xHSnNaNGtPZGJlSXpWVUpJdU91K1NwdUlTZStt?= =?utf-8?B?UDRZS3R3ZGxTak1LQ2hrV0RCZVByQk1iQ1ZONjFseFZJdUw4YTZ0bVo0MTZ6?= =?utf-8?B?d0Z4RzFaNWVBWHp5MkZPQUhYN29INVFVTlkwWlEzYzY3UmNFR0tUV3VWdzNX?= =?utf-8?B?LzAwMWtEaldNTXd0T0Y3bE5admVFWFhyL2x6eU4ydFViUk9OME1yc05mR0N2?= =?utf-8?B?ZC9MZFNQdGQ2ZTA5U0JCSVI0VmN2K2JSSERIcE5tMlRBc013a09pN3ZvZVRN?= =?utf-8?B?TUJ1V01lR1pJQVlLZHJucnV3WndXNnlwSitzWlYvNmVoT2ZQQldwajlyeGlr?= =?utf-8?B?YmMyQ1BMc2RXVnZkbjRlQVFhNEc0N1N1TUluYUJEM1REenhMa3VXMzE0b2l0?= =?utf-8?B?cGxmbmg4MkhYczdvUFhmcStoNUV5SjJDMDR1OEJEN2t6UjU2d1QrOWZEZlh3?= =?utf-8?B?aWs5M3JUUmp3T0FJUXN6K2VGTEIvMmtzbG4vdHYwOVE3a2kwd05YL2Fsdnpa?= =?utf-8?B?enlpdGxHamJwYkFud1p5K29pU0lHYW9nWDdTbldGSmhBNVppOGZPSEtrcUxW?= =?utf-8?B?cG83VHB3WFJ2eHJ2eXdFb0VtZGtQdEdsckN1SmU1RG1QTkdubkZuaFhhUEh1?= =?utf-8?B?VjRTd2U4d1QzTkFZUllJSFhIZk1hV0pvTWZxZ002RW9mK1dKSjRNaWFqdXVF?= =?utf-8?B?VSt4a0wvTVU1QzYxTTVrNWpxS1JGZXJPMjd3ZHNRNi8zNTdlV01CQno0VUU3?= =?utf-8?B?cDFNZmlmdEtZSm41ZnF5akxTd3hJL1UxeHZHTnJ5SVJwWFhxdXBaZzY1NEZ6?= =?utf-8?B?Q2N1M296Ukt1V3dnSmZGVENqSklRMi9QUHoxUU95OVVzOEJFdDRyY1g3M0pM?= =?utf-8?B?YUVmajh3elpEekc3VFFaazJhMDlJd1lUbnh3QkJkODQwK01qV2gxNnRvTlpq?= =?utf-8?B?NzdLU0Z5aGZmc1grS0YwUGlHai9PVW9NSi83dTZ6RVoremJJeEFlR1l3RVJW?= =?utf-8?B?TUg4d3N5NExlamxhaHpWOHFZaWlIRTBpVytaUkkzMlBsL2JiWm5SaTcwUUhF?= =?utf-8?B?Q0ZZbTI3VzhtVms5dHE5dDBlU0kxVU1GRFVvckJVbk5jL1lQcE51ME1vc1JI?= =?utf-8?B?NUlOdnNVTmsvNmVQaXF4VVJVQkI0WjdHZS9IM0lmN0hRc2ZXT1V6Y2ZWNlM3?= =?utf-8?B?RmpWTTlnMmpkWWl1SlhleE50TE1HclQ0K3pqN2x3LzQ2c0RmcUZISXFFbzBT?= =?utf-8?B?NVF4UlBxR0dReWh6TE1sZkRSaytBYTVyMzFvOHR3M2kzQXp2eCt0aGVXMDdQ?= =?utf-8?Q?hp48=3D?= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 X-OriginatorOrg: redcom.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR09MB9284.namprd09.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 050c7cc9-0133-49cc-b79c-08dc9b602484 X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jul 2024 13:00:41.1336 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 86200ba5-6348-4d6f-bdd7-96f43e8d9247 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR09MB6887 X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.39 / 15.00]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.99)[-0.987]; R_SPF_ALLOW(-0.20)[+ip6:2a01:111:f403::/49]; R_DKIM_ALLOW(-0.20)[redcomlaboratories.onmicrosoft.com:s=selector1-redcomlaboratories-onmicrosoft-com]; MIME_BASE64_TEXT(0.10)[]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; ASN(0.00)[asn:8075, ipnet:2a01:111:f000::/36, country:US]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; DMARC_NA(0.00)[redcom.com]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_EQ_ADDR_ALL(0.00)[]; DKIM_TRACE(0.00)[redcomlaboratories.onmicrosoft.com:+] X-Rspamd-Queue-Id: 4WDfz220ryz4lw8 PiBGcm9tOiBEYWctRXJsaW5nIFNtw7hyZ3JhdiA8ZGVzQEZyZWVCU0Qub3JnPg0KPiBUaGUgYmFz ZSBzeXN0ZW0gdW5ib3VuZCBpcyBtZWFudCB0byBiZSB1c2VkIHdpdGggYSBjb25maWd1cmF0aW9u IGdlbmVyYXRlZCBieQ0KPiBgbG9jYWwtdW5ib3VuZC1zZXR1cGAsIHdoaWNoIG5ldmVyIGVuYWJs ZXMgdGhlIGBlZGVgIG9wdGlvbiB3aGljaCBpcyBhDQo+IHByZXJlcXVpc2l0ZSBmb3IgdGhlIERv UyBhdHRhY2sgZGVzY3JpYmVkIGluIENWRS0yMDI0LTE5MzEuDQoNClRoYW5rcyBmb3IgeW91ciBy ZXBseS4NCg0KTG9jYWxfdW5ib3VuZF9zZXR1cCBzdXBwb3J0cyBkcm9wcGluZyBhZGRpdGlvbmFs IGNvbmZpZyBmaWxlcyBpbiAvdmFyL3VuYm91bmQvY29uZi5kLCB3aGljaCB3aWxsIGJlIGxvYWRl ZCBieSB1bmJvdW5kLiAgRmlsZXMgaW4gdGhpcyBkaXJlY3RvcnkgYXJlIG5vdCBhbHRlcmVkIGJ5 IGxvY2FsX3VuYm91bmRfc2V0dXAuICBUaGlzIGltcGxpZXMsIHRvIG1lLCB0aGF0IGN1c3RvbWl6 YXRpb24gb2YgdGhlIGJhc2UgdW5ib3VuZCBpcyBzcGVjaWZpY2FsbHkgc3VwcG9ydGVkLCBtZWFu aW5nIGFueSBGcmVlQlNEIHNpdGUgY291bGQgcG90ZW50aWFsbHkgaGF2ZSBlZGUgZW5hYmxlZCwg YW5kIHRoZXJlZm9yZSBieSB2dWxuZXJhYmxlIHRvIHRoaXMgQ1ZFLg0KSXQncyBteSBvcGluaW9u IHRoYXQgdGhpcyB3YXJyYW50cyBhdCBsZWFzdCBhbiBhZHZpc29yeSBjYXV0aW9uaW5nIHVzZXJz IG9mIEZyZWVCU0Qgbm90IHRvIGVuYWJsZSBlZGUsIGlmIG5vdCBhIHBhdGNoIHRvIGFkZHJlc3Mg aXQuDQoNCi0gU3RldmUgV2FsbA0K