]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
dropbear: fix CVE-2023-36328
authorYogita Urade <yogita.urade@windriver.com>
Wed, 6 Sep 2023 16:25:54 +0000 (16:25 +0000)
committerSteve Sakoman <steve@sakoman.com>
Thu, 7 Sep 2023 13:20:27 +0000 (03:20 -1000)
commit38709b0d35e7bd6760285bfa926dc85985c5cdcd
tree17c653a213ae17afc9c1b607490ede914e95e9d1
parentebb224e65a7e1402ccf0d9517bd72748c18e012e
dropbear: fix CVE-2023-36328

Integer Overflow vulnerability in mp_grow in libtom libtommath before
commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to
execute arbitrary code and cause a denial of service (DoS).

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36328
https://github.com/libtom/libtommath/pull/546

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/dropbear/dropbear.inc
meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch [new file with mode: 0644]