In the Linux kernel, the following vulnerability has been resolved:
tipc: guard against string buffer overrun
Smatch reports that copying media_name and if_name to name_parts may
overwrite the destination.
.../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16)
.../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16)
This does seem to be the case so guard against this possibility by using
strscpy() and failing if truncation occurs.
Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge")
Compile tested only.
CVSS
No CVSS.
References
Configurations
No configuration.
History
21 Oct 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-21 18:15
Updated : 2024-10-21 18:15
NVD link : CVE-2024-49995
Mitre link : CVE-2024-49995
CVE.ORG link : CVE-2024-49995
JSON object : View
Products Affected
No product.
CWE
No CWE.