Re: CVE-2024-22857: Heap Based Buffer overflow in zlog library

Re: CVE-2024-22857: Heap Based Buffer overflow in zlog library

Open Source Security [[{„value“:“

Posted by Ali Raza Mumtaz on Feb 29

Size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data upto MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. So a
check was missing in zlog_rule_new() while copying the record_name from file_path + 1 which caused the buffer overflow.
An attacker can exploit this vulnerability to overwrite the zlog_record_fn record_func function pointer to get
arbitrary code execution.

patch:…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert