On Wed, May 11, 2022 at 08:25:37PM +0000, zi0Black wrote: > Hi to every one, > > The current fix for the vulnerability identified via CVE-2019-14196 is not > effective and a buffer overflow is still possible. Please refer to my comment > posted on the commit (5d14ee4e53a81055d34ba280cb8fd90330f22a96) on github. > > https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96
Interesting analysis. I'm a bit disappointed they didn't report this upstream themselves. A patch would be appreciated, thanks. -- Tom
signature.asc
Description: PGP signature
