]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: cfd74f2) | patch
bluez: fix CVE-2021-3588
authorSteve Sakoman <steve@sakoman.com>
Wed, 14 Jul 2021 15:30:20 +0000 (05:30 -1000)
committerSteve Sakoman <steve@sakoman.com>
Wed, 14 Jul 2021 15:33:43 +0000 (05:33 -1000)
commit569362f338736a1c85f090909a9893d019bfce5d
treebfa1ba96428c23bb2bfb52086a31c66abef69ad2tree | snapshot
parentcfd74f2bae51413d9c327e0f08ecf751325c2d74commit | diff
bluez: fix CVE-2021-3588

The cli_feat_read_cb() function in src/gatt-database.c does not perform
bounds checks on the 'offset' variable before using it as an index into
an array for reading

https://nvd.nist.gov/vuln/detail/CVE-2021-3588

Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-connectivity/bluez5/bluez5.inc diff | blob | history
meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3588.patch [new file with mode: 0644] blob
Mirror of the official openembedded-core repository