
Fixed unbounded write and check return values of sscanf #1306

Merged: 2 commits merged into stlink-org:develop on Apr 29, 2023

Conversation

szsam
Contributor

@szsam szsam commented Apr 22, 2023

Format string "%s" that does not control the length of data written may overflow.

szsam added 2 commits April 22, 2023 00:03
Format string "%s" that does not control the length of data
written may overflow.
Failing to check that a call to 'scanf' actually writes to an output
variable can lead to unexpected behavior at reading time.
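The two defects named in the PR description and commit messages above, shown side by side in an added example (not code from the stlink project): a hypothetical line parser whose unbounded `"%s"` can overrun its buffer and whose `sscanf` result goes unchecked, next to a hardened form that derives the field width from the buffer size and only trusts a fully parsed record. Buffer size, function names and the sample lines are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical line parser written to illustrate the two defects the
 * PR commits describe (an unbounded "%s" and an unchecked sscanf return
 * value). It is not code from the stlink project. */

#define NAME_LEN 16   /* constructed buffer size for the examples below */

/* Vulnerable form: "%s" carries no width, so a token longer than
 * NAME_LEN-1 characters is written past the end of name. The return value
 * is also discarded, so a line with no number leaves *value unset. */
void parse_record_unbounded(const char *line, char name[NAME_LEN], int *value)
{
    sscanf(line, "%s %d", name, value);
}

/* Hardened form: the field width is derived from the buffer size, so at
 * most cap-1 characters plus the terminator are stored, and the return
 * value is checked so the caller only trusts a fully parsed record.
 * Returns 1 on success, 0 otherwise; outputs are cleared on failure. */
int parse_record_bounded(const char *line, char *name, size_t cap, int *value)
{
    char fmt[32];
    int n;

    if (cap < 2 || cap > 9999)
        return 0;
    /* builds e.g. "%15s %d" for cap == 16 */
    snprintf(fmt, sizeof fmt, "%%%zus %%d", cap - 1);

    n = sscanf(line, fmt, name, value);
    if (n != 2) {
        /* Either the name was missing or over-long (the leftover characters
         * make the %d conversion fail), or the number was absent. */
        name[0] = '\0';
        *value = 0;
        return 0;
    }
    return 1;
}

/* Checks on constructed inputs; each returns 1 when the hardened parser
 * behaves as intended. */
int check_short_record(void)
{
    char name[NAME_LEN];
    int value = -1;
    return parse_record_bounded("probe 42", name, NAME_LEN, &value) == 1
        && strcmp(name, "probe") == 0 && value == 42;
}

int check_overlong_name_rejected(void)
{
    char name[NAME_LEN];
    int value = -1;
    /* 40-character token: the unbounded version would overrun name here */
    const char *line = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" " 7";
    return parse_record_bounded(line, name, NAME_LEN, &value) == 0
        && name[0] == '\0' && value == 0;
}

int check_missing_value_rejected(void)
{
    char name[NAME_LEN];
    int value = -1;
    return parse_record_bounded("probe", name, NAME_LEN, &value) == 0
        && value == 0;
}

int main(void)
{
    char name[NAME_LEN];
    int value;
    if (parse_record_bounded("probe 42", name, NAME_LEN, &value))
        printf("name=%s value=%d\n", name, value);
    printf("checks: %d %d %d\n", check_short_record(),
           check_overlong_name_rejected(), check_missing_value_rejected());
    return 0;
}
```

Note that a width alone does not make the record safe to use: an over-long token is cut at the width and the unread remainder makes the following `%d` conversion fail, which is exactly why checking that `sscanf` returned the full count of conversions matters.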
@szsam szsam changed the title from "Fix unbounded write of sscanf" to "Fix unbounded write and check return values of sscanf" Apr 22, 2023
@Nightwalker-87 Nightwalker-87 added this to the v1.8.0 milestone Apr 23, 2023
@Nightwalker-87 Nightwalker-87 changed the title from "Fix unbounded write and check return values of sscanf" to "Fixed unbounded write and check return values of sscanf" Apr 23, 2023
@Machiry

Machiry commented Apr 24, 2023

This looks like a security vulnerability. Should there be a CVE associated with this?

@Nightwalker-87
Member

@Machiry I'm not sure how relevant this is with respect to the use case of this software.
As we will not patch older versions due to compatibility issues in the codebase, it appears more reasonable to move forward towards a new release which includes this fix.

@Nightwalker-87 Nightwalker-87 merged commit c48d117 into stlink-org:develop Apr 29, 2023
@stlink-org stlink-org locked as resolved and limited conversation to collaborators Apr 29, 2023