Ineffective fix of CVE-2019-14196

Tom Rini trini at konsulko.com
Sun May 15 05:14:32 CEST 2022


On Wed, May 11, 2022 at 08:25:37PM +0000, zi0Black wrote:

> Hi to everyone,
> 
> The current fix for the vulnerability identified via CVE-2019-14196 is not effective and a buffer overflow is still possible. Please refer to my comment posted on the commit (5d14ee4e53a81055d34ba280cb8fd90330f22a96) on GitHub.
> 
> https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96

Interesting analysis.  I'm a bit disappointed they didn't report this
upstream themselves.  A patch would be appreciated, thanks.

-- 
Tom