VINSERTF128
changed the title
Missing boundary check in before sprintf in process_file function
Missing boundary check before sprintf in process_file function
May 7, 2024
Title
Missing boundary check before sprintf in process_file function
Severity
High
Difficulty
Low
Type
Security Issue
Target
components/net/lwip/lwip-2.0.3/src/apps/httpd/makefsdata/makefsdata.c
components/net/lwip/lwip-2.1.2/src/apps/http/makefsdata/makefsdata.c
Description
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer.
Location 1
rt-thread/components/net/lwip/lwip-2.0.3/src/apps/httpd/makefsdata/makefsdata.c
Line 728 in 7245dbd
Location 2
rt-thread/components/net/lwip/lwip-2.1.2/src/apps/http/makefsdata/makefsdata.c
Line 923 in 7245dbd
Exploit Scenario
Recommendations
Possible fix
Use of snprintf in this specific case:
snprintf(qualifiedName, sizeof(qualifiedName), "%s/%s", curSubdir, filename);
Or update lwIP.
If you think this is eligible I would like to apply for CVE-id recognition.
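Added example, not part of the original issue and not code from lwIP or RT-Thread: the suggested snprintf call bounds the write, but snprintf truncates silently, so a path that does not fit should be rejected rather than used in shortened form. The helper name `build_qualified_name`, the `QUALIFIED_NAME_MAX` size and the sample file names are assumptions; the issue does not show the real buffer size in makefsdata.c.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration only; the real size is not given in the issue. */
#define QUALIFIED_NAME_MAX 32

/*
 * Hypothetical helper: writes "<subdir>/<filename>" into out.
 * Returns 0 on success, -1 if the result does not fit or arguments are invalid.
 * snprintf never writes more than out_size bytes, but it returns the length
 * the full string would have had, so n >= out_size means truncation happened.
 */
static int build_qualified_name(char *out, size_t out_size,
                                const char *subdir, const char *filename)
{
    int n;

    if (out == NULL || out_size == 0 || subdir == NULL || filename == NULL)
        return -1;

    n = snprintf(out, out_size, "%s/%s", subdir, filename);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';   /* do not leave a truncated path behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    char qualifiedName[QUALIFIED_NAME_MAX];
    /* Constructed sample inputs. */
    const char *ok_file = "index.html";
    const char *long_file = "a_very_long_file_name_that_does_not_fit.html";

    if (build_qualified_name(qualifiedName, sizeof(qualifiedName), "./fs", ok_file) == 0)
        printf("ok: %s\n", qualifiedName);

    if (build_qualified_name(qualifiedName, sizeof(qualifiedName), "./fs", long_file) != 0)
        fprintf(stderr, "skipped: path too long for %s\n", long_file);

    return 0;
}
```

Rejecting the over-long name matters for a tool like this because a truncated path can name a different file than the one that was enumerated.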