oss-sec mailing list archives
HNS-2023-04 - HN Security Advisory - Buffer overflow vulnerabilities with long path names in TinyDir
From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Mon, 4 Dec 2023 11:50:59 +0100

Hi,

Please find attached a security advisory that describes some buffer overflow vulnerabilities we discovered in TinyDir.

* Title: Buffer overflow vulnerabilities with long path names in TinyDir
* Product: TinyDir <= 1.2.5
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2023-12-04
* CVE ID: CVE-2023-49287
* Severity: High - 7.7 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* Vendor URL: https://github.com/cxong/tinydir
* Advisory URL: https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf

The advisory is also available at:
https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt

Regards,

--
Marco Ivaldi
https://0xdeadbeef.info/
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."

Attachment:
HNS-2023-04-tinydir.txt