Описание
TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| falcosecurity-libs | fixed | 0.14.1-1 | package | |
| falcosecurity-libs | no-dsa | bookworm | package | |
| gemmi | fixed | 0.6.4+ds-1 | package | |
| gemmi | no-dsa | bookworm | package |
Примечания
https://www.openwall.com/lists/oss-security/2023/12/04/1
https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d (1.2.6)
https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt
gemmi: https://github.com/project-gemmi/gemmi/issues/292
gemmi: https://github.com/project-gemmi/gemmi/commit/e142eff1fec1475b62b2ab5e88d3a50b4d7450b5 (v0.6.4)
lwip embeds a copy of tinydir, but it's unused, see bug #1059259
EPSS
Связанные уязвимости
TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.
TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.
Уязвимость функции tinydir_file_open() программного средства чтения файлов TinyDir, позволяющая нарушителю выполнить произвольный код
EPSS