漏洞标题
libzvbi search.c 中 vbi_search_new 整数溢出漏洞
漏洞描述信息
在 libzvbi 0.2.43 及以下版本中发现了一个被归类为关键级别的漏洞。该漏洞影响文件 src/search.c 中的 vbi_search_new 函数。对参数 pat_len 的操作可能导致整数溢出。攻击者可以在远程发起此漏洞。该漏洞的利用细节已被公开披露,存在被利用的风险。升级到 0.2.44 版本可以解决此问题。补丁标识为 ca1672134b3e2962cd392212c73f44f8f4cb489f。建议升级受影响的组件。代码维护人员事先已被告知这些问题,并且反应迅速且专业。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
整数溢出或超界折返
漏洞标题
libzvbi search.c vbi_search_new integer overflow
漏洞描述信息
A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
漏洞类别
整数溢出或超界折返