CHANGES and release notes for CVE-2022-2881 [GL #3493]

(cherry picked from commit 430ee6c4271e68a2bbb8163ed0e1d2e37fbe3d5d)

diff --git a/CHANGES b/CHANGES
index 059cc4a1b6970db222fcaabd0b1c4a8e6c6c15a9..a8cf9b21e8fc1382f894b7e5955a3c352c398d58 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,10 @@
+5958.  [security]      When an HTTP connection was reused to get
+                       statistics from the stats channel, and zlib
+                       compression was in use, each successive
+                       response sent larger and larger blocks of memory,
+                       potentially reading past the end of the allocated
+                       buffer. (CVE-2022-2881) [GL #3493]
+
 5957.  [security]      Prevent excessive resource use while processing large
                        delegations. (CVE-2022-2795) [GL #3394]
 

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 020cfd08ba3309a33e067b579cbd11ee0dd1784f..f0bd64c74c8804fad6924ddef2d30841c6566e36 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -24,6 +24,11 @@ Security Fixes
   Bremler-Barr & Shani Stajnrod from Reichman University for bringing
   this vulnerability to our attention. :gl:`#3394`
 
+- When an HTTP connection was reused to request statistics from the
+  stats channel, the content length of successive responses could grow
+  in size past the end of the allocated buffer. This has been fixed.
+  (CVE-2022-2881) :gl:`#3493`
+
 Known Issues
 ~~~~~~~~~~~~