View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009323 | GNUnet | util library | public | 2024-11-04 17:04 | 2024-11-14 09:43 |
Reporter | fefe | Assigned To | schanzen | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | resolved | Resolution | fixed | ||
Target Version | 0.23.0 | ||||
Summary | 0009323: GNUNET_DNSPARSER_builder_add_cert: integer overflow | ||||
Description | 1147 if (*off + sizeof(struct GNUNET_TUN_DnsCertRecord) + cert->certificate_size > 1148 dst_len) 1149 return GNUNET_NO; off and cert are function arguments and could be garbage or malicious when the caller was tricked somehow. *off and certificate_size are size_t so there are multiple integer overflow opportunities here that should be checked carefully. | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2024-11-04 17:04 | fefe | New Issue | |
2024-11-04 19:26 | schanzen | Target Version | => 0.22.3 |
2024-11-05 09:16 | schanzen | Note Added: 0023666 | |
2024-11-05 09:16 | schanzen | Status | new => resolved |
2024-11-05 09:16 | schanzen | Resolution | open => fixed |
2024-11-05 09:16 | schanzen | Assigned To | => schanzen |
2024-11-14 09:43 | schanzen | Target Version | 0.22.3 => 0.23.0 |