libfetch/fetch.c · 6941f8bd61a31b9a03d1375243b21ddf28f5aa13 · Sertonix / apk-tools

Forked from alpine / apk-tools

Source project has a limited visibility.

3 years ago

libfetch: fix range checking for http/ftp protocol parsing · ca1d975e

Timo Teräs authored 3 years ago


Various parsing of numeric strings were not having adequate range
checking causing information leak or potential crash.

CVE-2021-36159
fixes #10749

Co-authored-by: Ariadne Conill <ariadne@dereferenced.org>
Reported-by: Samanta Navarro <ferivoz@riseup.net>

ca1d975e

History

libfetch: fix range checking for http/ftp protocol parsing

Timo Teräs authored 3 years ago


Various parsing of numeric strings were not having adequate range
checking causing information leak or potential crash.

CVE-2021-36159
fixes #10749

Co-authored-by: Ariadne Conill <ariadne@dereferenced.org>
Reported-by: Samanta Navarro <ferivoz@riseup.net>