Hi Fabio,

On 09/10/2025 at 14:16, Fabio Estevam wrote:

> Hi Philippe,
>
> On Thu, Oct 9, 2025 at 6:27 AM Philippe Reynes
> <[email protected]> wrote:
>> From: Paul HENRYS <[email protected]>
>>
>> CVE-2024-42040 describes a possible buffer overflow when calling
>> bootp_process_vendor() in bootp_handler() since the total length
>> of the packet is passed to bootp_process_vendor() without being
>> reduced to len-(offsetof(struct bootp_hdr,bp_vend)+4).
>>
>> The packet length is also checked against its minimum size to avoid
>> reading data from struct bootp_hdr outside of the packet length.
>>
>> From: Paul HENRYS <[email protected]>
>
> You don't need to duplicate the From line here.

ok, I have removed it in the v2



>> Signed-off-by: Paul HENRYS <[email protected]>
>
> You missed your Signed-off-by tag.

ok, I have added it in the v2


Thanks for the feedback,

Regards,
Philippe
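
The length handling described in the quoted commit message, as an added C example that is not part of this thread or of U-Boot's source. The names `struct bootp_hdr_ex`, `vendor_opts_len`, `count_options` and `parse_sample` are hypothetical, the header layout is an assumption based on RFC 951, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout modelled on RFC 951; not U-Boot's struct bootp_hdr. */
struct bootp_hdr_ex {
    uint8_t fixed[236];   /* op .. file: the fixed header fields */
    uint8_t vend[312];    /* 4-byte magic cookie, then options */
};
#define OPTS_OFF (offsetof(struct bootp_hdr_ex, vend) + 4)

/* Option bytes actually received in a packet of pkt_len bytes, or -1 if too short. */
long vendor_opts_len(size_t pkt_len)
{
    return pkt_len < OPTS_OFF ? -1 : (long)(pkt_len - OPTS_OFF);
}

/* Walk code/length/value options; return how many were seen, -1 if one overruns. */
int count_options(const uint8_t *pkt, size_t pkt_len)
{
    long left = vendor_opts_len(pkt_len);
    if (left < 0) return -1;                 /* minimum-size check */
    const uint8_t *p = pkt + OPTS_OFF, *end = p + left;
    int n = 0;
    while (p < end && *p != 255) {           /* 255 = end option */
        if (*p == 0) { p++; continue; }      /* 0 = pad option */
        if (end - p < 2 || (size_t)(end - p) < 2u + p[1])
            return -1;                       /* value runs past received data */
        p += 2 + p[1];
        n++;
    }
    return n;
}

/* Constructed sample: cookie, one 4-byte option, end marker; pkt_len bytes "received". */
int parse_sample(size_t pkt_len)
{
    uint8_t buf[sizeof(struct bootp_hdr_ex)] = {0};
    static const uint8_t opts[] = {99, 130, 83, 99, 1, 4, 255, 255, 255, 0, 255};
    memcpy(buf + offsetof(struct bootp_hdr_ex, vend), opts, sizeof(opts));
    return count_options(buf, pkt_len);
}

int main(void)
{
    printf("%d %d %d\n", parse_sample(247), parse_sample(245), parse_sample(239));
    return 0;
}
```

The buffer in `parse_sample` always holds the full option, so a result of -1 for a 245-byte packet shows the walk stopping at the received length rather than at whatever bytes follow it in memory.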

