git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
ofono: fix CVE-2023-4232
author Archana Polampalli <archana.polampalli@windriver.com>
Fri, 11 Jul 2025 11:33:12 +0000 (17:03 +0530)
committer Steve Sakoman <steve@sakoman.com>
Mon, 14 Jul 2025 16:04:59 +0000 (09:04 -0700)
commit 02005c81a55930d9f57d44674cdc5eb6171c8c76
tree b14567f2233825b3860b1de055a40ff36922f761
parent 635fc639a13a6b28cac5c67cff23b7f4477bc41c
ofono: fix CVE-2023-4232

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_status_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_status_report().

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch [new file with mode: 0644]
meta/recipes-connectivity/ofono/ofono_1.34.bb
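
The class of bug the commit message describes, shown as an added illustration that is not taken from ofono or from the patch in this commit: a length octet read from an untrusted PDU has to be checked against the destination buffer before memcpy, not only against the remaining input. The struct, function name, buffer size and the source-length check are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define UD_MAX 140  /* constructed size for the fixed user-data buffer */

struct report {            /* hypothetical stand-in for the decoded message */
    uint8_t udl;           /* user-data length taken from the PDU */
    uint8_t ud[UD_MAX];    /* fixed-size destination, typically on the stack */
};

/*
 * Copy the user-data field of a PDU into out->ud.
 * pdu/len are untrusted input; offset is the index of the length octet.
 * Returns 0 on success, -1 when the PDU is rejected.
 */
int decode_user_data(const uint8_t *pdu, size_t len, size_t offset,
                     struct report *out)
{
    size_t expected;

    if (offset >= len)
        return -1;                      /* no length octet present */

    expected = pdu[offset++];           /* sender-controlled, 0..255 */

    if (len - offset < expected)
        return -1;                      /* source shorter than claimed */

    /* The kind of check the commit message says was forgotten: the claimed
     * length must fit the destination as well as the source. */
    if (expected > sizeof(out->ud))
        return -1;

    memcpy(out->ud, pdu + offset, expected);
    out->udl = (uint8_t)expected;
    return 0;
}

int main(void)
{
    uint8_t pdu[1 + 200];               /* constructed oversized PDU */
    struct report r;

    memset(pdu, 0x41, sizeof(pdu));
    pdu[0] = 200;                       /* claims 200 octets of user data */
    /* Rejected instead of writing past r.ud */
    return decode_user_data(pdu, sizeof(pdu), 0, &r) == -1 ? 0 : 1;
}
```

Without the destination check, the 200-octet input above passes the source-length test and the copy runs 60 bytes past the 140-byte buffer.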