diff options
| author | Charles Fol <folcharles@gmail.com> | 2024-03-28 12:25:38 -0300 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2024-04-17 09:21:40 -0300 |
| commit | f9dc609e06b1136bb0408be9605ce7973a767ada (patch) | |
| tree | 037b3b21761d32ad3aa4c25907075959c4ed5508 /iconvdata/georgian-academy.c | |
| parent | 59974938fe1f4add843f5325f78e2a7ccd8db853 (diff) | |
| download | glibc-f9dc609e06b1136bb0408be9605ce7973a767ada.zip glibc-f9dc609e06b1136bb0408be9605ce7973a767ada.tar.gz glibc-f9dc609e06b1136bb0408be9605ce7973a767ada.tar.bz2 | |
iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
ISO-2022-CN-EXT uses escape sequences to indicate character set changes
(as specified by RFC 1922). While the SOdesignation has the expected
bounds checks, neither SS2designation nor SS3designation have its;
allowing a write overflow of 1, 2, or 3 bytes with fixed values:
'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.
Checked on aarch64-linux-gnu.
Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
Diffstat (limited to 'iconvdata/georgian-academy.c')
0 files changed, 0 insertions, 0 deletions