Hi Philippe, On Thu, Oct 9, 2025 at 6:27 AM Philippe Reynes <[email protected]> wrote: > > From: Paul HENRYS <[email protected]> > > CVE-2024-42040 describes a possible buffer overflow when calling > bootp_process_vendor() in bootp_handler() since the total length > of the packet is passed to bootp_process_vendor() without being > reduced to len-(offsetof(struct bootp_hdr,bp_vend)+4). > > The packet length is also checked against its minimum size to avoid > reading data from struct bootp_hdr outside of the packet length. > > From: Paul HENRYS <[email protected]>
You don't need to duplicate the From line here. > Signed-off-by: Paul HENRYS <[email protected]> You missed your Signed-off-by tag.
