Hi Sascha,
Thanks for your work. I noticed that if the device does not use DMA,
it will probably have this problem. Yes, as you mentioned, the
smc9 driver has the same vulnerability. However, I didn't check
each device driver carefully.
Best
On Monday, May 27, 2024 at 09:41, Sascha Hauer wrote:
>
> Hi,
> On Thu, May 23, 2024 at 06:51:01PM +0200, jianqiang wang wrote:
> > Dear Barebox developers,
> >
> > I found several heap overflow vulnerabilities in Barebox.
> >
> > The Barebox implementation assumes that the network packet received is
> > less than PKTSIZE, that is 1536 bytes. For example, the
Dear Barebox developers,
I found several heap overflow vulnerabilities in Barebox.
The Barebox implementation assumes that the network packet received is
less than PKTSIZE, that is 1536 bytes. For example, the /net/net.c
file ping_reply function assumes that the packet received is 1536
bytes and