Ineffective fix of CVE-2019-14196

zi0Black zi0Black at protonmail.com
Wed May 11 22:25:37 CEST 2022


Hi to every one,

The current fix for the vulnerability identified via CVE-2019-14196 is not effective and a buffer overflow is still possible. Please refer to my comment posted on the commit (5d14ee4e53a81055d34ba280cb8fd90330f22a96) on github.

https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96



Regards,

zi0Black
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 509 bytes
Desc: OpenPGP digital signature
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20220511/3a9389bc/attachment.sig>


More information about the U-Boot mailing list