Skip to content

Off-by-one error in Antelope DBMS

Low
joakimeriksson published GHSA-257g-w39m-5jj4 Apr 26, 2023

Package

Antelope

Affected versions

<= 4.8

Patched versions

None

Description

Impact

An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions storage_get_index and storage_put_index, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size.

Patches

The vulnerability has been patched in the "develop" branch of Contiki-NG, and is expected to be incuded in the next release.

Workarounds

The problem can be fixed by applying the patch in Contiki-NG pull request #2425.

For more information

If you have any questions or comments about this advisory:

Open an issue in https://github.com/contiki-ng/contiki-ng
Email us at security@contiki-ng.org

Severity

Low

CVE ID

CVE-2023-30546

Credits