fix possible format str vuln #353

Merged
merged 1 commit into from Sep 11, 2022

Contributor

@utoni utoni commented Sep 10, 2022

This can happen if the packet which gets dumped contains ASCII characters like %s, %c, %p, ...

@utoni utoni mentioned this pull request Sep 10, 2022
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
@utoni utoni force-pushed the fix/possible-format-str-exploit branch from 8ee33fc to b19f8a6 Compare September 10, 2022 10:54
@utoni utoni changed the title fix possible format str exploit fix possible format str vuln Sep 10, 2022
@yrutschle yrutschle merged commit 9a36854 into yrutschle:master Sep 11, 2022
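
The bug class described in the pull request, as an added example that is not taken from the PR or from sslh's code: a hypothetical printf-style logger is called once with packet text as the format string and once with a constant format. The names `log_msg`, `printable`, `dump_unsafe`, `dump_safe` and the sample packet are constructed for illustration.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char log_line[128];  /* last logged message, kept for inspection */

/* Hypothetical printf-style logger (not sslh's). Declaring it with
 * __attribute__((format(printf, 1, 2))) lets -Wformat-security flag
 * the unsafe call below at compile time. */
static void log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(log_line, sizeof log_line, fmt, ap);
    va_end(ap);
}

/* Copy packet bytes as text, replacing non-printable bytes with '.'. */
static void printable(char *dst, size_t cap, const unsigned char *pkt, size_t len)
{
    size_t i;
    for (i = 0; i < len && i + 1 < cap; i++)
        dst[i] = isprint(pkt[i]) ? (char)pkt[i] : '.';
    dst[i] = '\0';
}

/* BEFORE: packet text is used as the format string, so '%' sequences
 * arriving from the network are interpreted as conversions. */
static const char *dump_unsafe(const unsigned char *pkt, size_t len)
{
    char text[64];
    printable(text, sizeof text, pkt, len);
    log_msg(text);
    return log_line;
}

/* AFTER: constant format string; packet text is only ever an argument. */
static const char *dump_safe(const unsigned char *pkt, size_t len)
{
    char text[64];
    printable(text, sizeof text, pkt, len);
    log_msg("%s", text);
    return log_line;
}

/* Constructed sample. "%%" consumes no argument, so the unsafe path is
 * well-defined here; %s, %p or %n would use arguments never passed. */
static const unsigned char SAMPLE[] = "GET /a%%b\r\n";
```

With the sample, the unsafe path logs `GET /a%b..` (the packet's `%%` was interpreted), while the safe path logs the packet text unchanged as `GET /a%%b..`.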
@yrutschle
Owner

thanks for the fix!

@jubalh

jubalh commented Dec 22, 2022

Apparently this got assigned CVE-2022-4639 even though no stable version is affected. Only the release candidate v2.0-rc1 contains the code introduced in e5f16b9.

@yrutschle
Owner

Thanks for the heads-up. I don't know how to feel about sslh's first CVE...
I'll release an rc2 with the fix (I want to further investigate #368 before producing an actual release)

@yrutschle
Owner

Here, it's tagged and published!
https://lists.rutschle.net/mailman/archives/sslh/2022-December/000753.html
