oss-sec mailing list archives

HNS-2023-04 - HN Security Advisory - Buffer overflow vulnerabilities with long path names in TinyDir


From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Mon, 4 Dec 2023 11:50:59 +0100

Hi,

Please find attached a security advisory that describes some buffer
overflow vulnerabilities we discovered in TinyDir.

* Title: Buffer overflow vulnerabilities with long path names in TinyDir
* Product: TinyDir <= 1.2.5
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2023-12-04
* CVE ID: CVE-2023-49287
* Severity: High - 7.7 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* Vendor URL: https://github.com/cxong/tinydir
* Advisory URL: https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf

The advisory is also available at:
https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt

Regards,

-- 
Marco Ivaldi
https://0xdeadbeef.info/
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."

Attachment: HNS-2023-04-tinydir.txt