You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Buffer overflow in mg_resolve_from_hosts_file function (line 124) in mongoose/src/mg_resolv.c in Mongoose 6.18, where sscanf copies data from p to alias without limiting the size of the copied data not to exceed the alias array size, which is 256. Note that p can be up to 1024 (minus the IP digits) and is copied from a tainted file. This bug can be triggered by a malformed hosts file that includes a hostname that is larger than 256.
One way to fix this bug is by adding the format width specifier
for (p = line + len; sscanf(p, "%255ss%n", alias, &len) == 1; p += len) {
The text was updated successfully, but these errors were encountered:
Buffer overflow in mg_resolve_from_hosts_file function (line 124) in mongoose/src/mg_resolv.c in Mongoose 6.18, where sscanf copies data from p to alias without limiting the size of the copied data not to exceed the alias array size, which is 256. Note that p can be up to 1024 (minus the IP digits) and is copied from a tainted file. This bug can be triggered by a malformed hosts file that includes a hostname that is larger than 256.
One way to fix this bug is by adding the format width specifier
for (p = line + len; sscanf(p, "%255ss%n", alias, &len) == 1; p += len) {
The text was updated successfully, but these errors were encountered: