projects / glibc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c3ebe6c) | patch
local-CVE-2024-2961-iso-2022-cn-ext
authorGNU Libc Maintainers <debian-glibc@lists.debian.org>
Tue, 30 Apr 2024 21:07:28 +0000 (23:07 +0200)
committerAurelien Jarno <aurel32@debian.org>
Tue, 30 Apr 2024 21:07:28 +0000 (23:07 +0200)
commitef899d5c4144b4f6f082952a4de0d6de7cebc3dd
treefb2d4e5be7aef3a33fd523491514f2ad953bc3b3tree | snapshot
parentc3ebe6ce1f461f0f047c054d98fc02e4408cdb9bcommit | diff
local-CVE-2024-2961-iso-2022-cn-ext

commit 4ed98540a7fd19f458287e783ae59c41e64df7b5
Author: Charles Fol <folcharles@gmail.com>
Date:   Thu Mar 28 12:25:38 2024 -0300

    iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)

    ISO-2022-CN-EXT uses escape sequences to indicate character set changes
    (as specified by RFC 1922).  While the SOdesignation has the expected
    bounds checks, neither SS2designation nor SS3designation have its;
    allowing a write overflow of 1, 2, or 3 bytes with fixed values:
    '$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.

    Checked on aarch64-linux-gnu.

Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
    (cherry picked from commit f9dc609e06b1136bb0408be9605ce7973a767ada)

Gbp-Pq: Topic any
Gbp-Pq: Name local-CVE-2024-2961-iso-2022-cn-ext.diff
iconvdata/Makefile diff | blob | history
iconvdata/iso-2022-cn-ext.c diff | blob | history
iconvdata/tst-iconv-iso-2022-cn-ext.c [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.