Please sign in to comment.
Fix possible stack overflows in decoder for illegal bit streams
Fixes CVE-2018-0429 A vulnerability in the Thor decoder (available at: https://github.com/cisco/thor) could allow an authenticated, local attacker to cause segmentation faults and stack overflows when using a non-conformant Thor bitstream as input. The vulnerability is due to lack of input validation when parsing the bitstream. A successful exploit could allow the attacker to cause a stack overflow and potentially inject and execute arbitrary code.
- Loading branch information...
Showing with 2 additions and 1 deletion.