5959. [placeholder]
-5958. [placeholder]
+5958. [security] When an HTTP connection was reused to get
+ statistics from the stats channel, and zlib
+ compression was in use, each successive
+ response sent larger and larger blocks of memory,
+ potentially reading past the end of the allocated
+ buffer. (CVE-2022-2881) [GL #3493]
5957. [security] Prevent excessive resource use while processing large
delegations. (CVE-2022-2795) [GL #3394]
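Review bot: The new 5958 entry describes the defect but never states that it was corrected or what was changed, unlike 5957 directly below it, which is worded as the change itself ("Prevent excessive resource use ..."). Suggest adding the corrective action to the entry, and tightening "sent larger and larger blocks of memory" to say what actually grew across responses, so the step to "reading past the end of the allocated buffer" is explicit for readers triaging CVE-2022-2881.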
Bremler-Barr & Shani Stajnrod from Reichman University for bringing
this vulnerability to our attention. :gl:`#3394`
+- When an HTTP connection was reused to request statistics from the
+ stats channel, the content length of successive responses could grow
+ in size past the end of the allocated buffer. This has been fixed.
+ (CVE-2022-2881) :gl:`#3493`
+
Known Issues
~~~~~~~~~~~~
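Review bot: The release note drops the zlib compression precondition that the CHANGES entry for the same CVE-2022-2881 includes, and "could grow in size past the end of the allocated buffer" does not say that the consequence is a read beyond the buffer. Operators rely on this text to judge whether their stats channel configuration is exposed, so suggest aligning it with the CHANGES wording: state that compression had to be in use and that memory past the end of the allocated buffer could be read when the connection was reused.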