fs: fuse: buffer overflow vulnerability in the Zephyr FS

Summary

Possible buffer overflow in is_mount_point:
https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/fs/fuse_fs_access.c#L69

Details

If the string passed via path parameter is PATH_MAX long, sprintf will overflow dir_path by one byte.

static bool is_mount_point(const char *path)
{
    char dir_path[PATH_MAX];

    sprintf(dir_path, "%s", path);
    return strcmp(dirname(dir_path), "/") == 0;
}

Patches

main: #66592

embargo: 2024-02-20

For more information

If you have any questions or comments about this advisory:

Open an issue in zephyr
Email us at Zephyr-vulnerabilities

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fs: fuse: buffer overflow vulnerability in the Zephyr FS

Package

Affected versions

Patched versions

Description

Summary

Details

Patches

For more information

Severity

CVSS base metrics

CVE ID

Weaknesses

Credits