git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
ofono: fix CVE-2023-4235
author Archana Polampalli <archana.polampalli@windriver.com>
Fri, 11 Jul 2025 11:33:13 +0000 (17:03 +0530)
committer Steve Sakoman <steve@sakoman.com>
Mon, 14 Jul 2025 16:04:59 +0000 (09:04 -0700)
commit 3a3519324ec390044ff9f97c0f32027782699124
tree 3ce5a8236a35776aba55f121394f06c03ad0ae67
parent 02005c81a55930d9f57d44674cdc5eb6171c8c76
ofono: fix CVE-2023-4235

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_deliver_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_deliver_report().

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch [new file with mode: 0644]
meta/recipes-connectivity/ofono/ofono_1.34.bb
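
The kind of length check the commit message says was missing, as an added example that is neither ofono's code nor the patch itself: a simplified decoder that refuses to copy more user-data bytes than its fixed buffer holds. The struct, the function name, `UD_MAX` and the one-byte header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UD_MAX 158  /* constructed capacity of the fixed user-data buffer */

/* Hypothetical, simplified report structure; not ofono's own struct. */
struct report {
    uint8_t hdr;         /* one-byte header (assumed layout) */
    uint8_t ud[UD_MAX];  /* fixed-size destination for the user data */
    uint8_t canary;      /* sits right after ud so an overrun would show */
};

/* Returns the number of user-data bytes copied, or -1 if the PDU is rejected. */
int decode_report_checked(const uint8_t *pdu, size_t len, struct report *out)
{
    size_t offset = 1;   /* user data starts after the header byte */
    size_t remaining;

    if (pdu == NULL || out == NULL || len < offset)
        return -1;

    remaining = len - offset;

    /* Bound check before the copy: the length comes from the received
     * message, so it must be compared against the destination size.
     * Without this test, memcpy() would write past out->ud. */
    if (remaining > sizeof(out->ud))
        return -1;

    out->hdr = pdu[0];
    memcpy(out->ud, pdu + offset, remaining);
    return (int)remaining;
}

int main(void)
{
    uint8_t pdu[1 + UD_MAX + 1];  /* constructed input: one byte too long */
    struct report r = { .canary = 0xA5 };

    memset(pdu, 0x41, sizeof(pdu));
    printf("oversized: %d\n", decode_report_checked(pdu, sizeof(pdu), &r));
    printf("maximal:   %d\n", decode_report_checked(pdu, sizeof(pdu) - 1, &r));
    printf("canary intact: %s\n", r.canary == 0xA5 ? "yes" : "no");
    return 0;
}
```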