View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009323 | GNUnet | util library | public | 2024-11-04 17:04 | 2024-11-14 09:43 |
| Reporter | fefe | Assigned To | schanzen | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Target Version | 0.23.0 | ||||
| Summary | 0009323: GNUNET_DNSPARSER_builder_add_cert: integer overflow | ||||
| Description | 1147 if (*off + sizeof(struct GNUNET_TUN_DnsCertRecord) + cert->certificate_size > 1148 dst_len) 1149 return GNUNET_NO; off and cert are function arguments and could be garbage or malicious when the caller was tricked somehow. *off and certificate_size are size_t so there are multiple integer overflow opportunities here that should be checked carefully. | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-11-04 17:04 | fefe | New Issue | |
| 2024-11-04 19:26 | schanzen | Target Version | => 0.22.3 |
| 2024-11-05 09:16 | schanzen | Note Added: 0023666 | |
| 2024-11-05 09:16 | schanzen | Status | new => resolved |
| 2024-11-05 09:16 | schanzen | Resolution | open => fixed |
| 2024-11-05 09:16 | schanzen | Assigned To | => schanzen |
| 2024-11-14 09:43 | schanzen | Target Version | 0.22.3 => 0.23.0 |
