mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-03-12 02:09:39 +01:00

Commit Graph

Author	SHA1	Message	Date
Archana Polampalli	a1fab4c1a9	rsync: fix CVE-2024-12084 A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. (From OE-Core rev: 17fac276e27af19b00b6263f22156a55bae6a5c9) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-01-24 07:49:28 -08:00

Author

SHA1

Message

Date

Archana Polampalli

a1fab4c1a9

rsync: fix CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due
to improper handling of attacker-controlled checksum lengths (s2length) in the code.
When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write
out of bounds in the sum2 buffer.

(From OE-Core rev: 17fac276e27af19b00b6263f22156a55bae6a5c9)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-01-24 07:49:28 -08:00

1 Commits