Gentoo Linux Security Advisory GLSA 200608-23 - Yan Rong Ge discovered that the peel_netstring() function in cl_netstring.c does not validate the length parameter of user input, which can lead to an out-of-bounds memory access when processing certain Heartbeat messages. Furthermore an unspecified local DoS issue was fixed. Versions less than 2.0.7 are affected.
d82d1245d8c7ce45caa059dbffc4d0bb4951f3f0b19756cc6dad5c14c2fa28a4
Ubuntu Security Notice USN-335-1 - Yan Rong Ge discovered that heartbeat did not sufficiently verify some packet input data, which could lead to an out-of-boundary memory access. A remote attacker could exploit this to crash the daemon (Denial of Service).
10b5c007fe31344262afb6cdf2244273a82b0015a9dc9facad3621e9b7c8e64b
Debian Security Advisory 1151-1 - Yan Rong Ge discovered out-of-boundary memory access in heartbeat, the subsystem for High-Availability Linux. This could be used by a remote attacker to cause a denial of service.
bc7ac50270b3e72f5f9f60d85ca93e54c051d1c403cc557ed7c6756c29662efe
Mandriva Linux Security Advisory MDKSA-2006-142 - Two vulnerabilities by Yan Rong Ge in heartbeat versions prior to 2.0.6.
04d7f5ca9d6aa8ae64008e2cb9bd5f9818095ca624edba2f81118c1dd6a64420