Buffer overflow in getaddrinfo()

Description

A buffer overflow has been found in getaddrinfo(). A patch with the fix has been provided by the reporter in https://github.com/zephyrproject-rtos/zephyr/pull/6158

This seems to affect older versions, so backporting to 1.10 and 1.9 is advisable.

Due to the severity (externally controllable), I would even assign a CVE number.

Environment

None

Activity

Leandro Pereira
February 13, 2018, 6:10 PM

A backport to 1.10 has been provided. Awaiting a point release.

Leandro Pereira
February 21, 2018, 9:17 PM

Patch has been applied to 1.11 (HEAD) and will be available in the next 1.10 point release.

Andy Gross
June 5, 2018, 8:05 PM

Added affected versions and CVE. Release 1.11.0 contains the fix. However, we don't have the issue in any 1.9.X and 1.10.X point release at this time.

Done

Assignee

Leandro Pereira

Reporter

Leandro Pereira

Labels

None

Authorized viewers

Maureen Helm

CVE

CVE-2017-14199

Embargo Lift

None

Fix versions

Affects versions

Priority

High