HNS-2023-04 - HN Security Advisory - Buffer overflow vulnerabilities with long path names in TinyDir
2023-12-13 07:21:20 Author: seclists.org

Full Disclosure mailing list archives


From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Mon, 4 Dec 2023 11:50:59 +0100

Hi,

Please find attached a security advisory that describes some buffer
overflow vulnerabilities we discovered in TinyDir.

* Title: Buffer overflow vulnerabilities with long path names in TinyDir
* Product: TinyDir <= 1.2.5
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2023-12-04
* CVE ID: CVE-2023-49287
* Severity: High - 7.7 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* Vendor URL: https://github.com/cxong/tinydir
* Advisory URL:
https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf

The advisory is also available at:
https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt

Regards,

-- 
Marco Ivaldi
https://0xdeadbeef.info/
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."

Attachment: HNS-2023-04-tinydir.txt

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Source: https://seclists.org/fulldisclosure/2023/Dec/14