15 May
2022
15 May
'22
5:14 a.m.
On Wed, May 11, 2022 at 08:25:37PM +0000, zi0Black wrote:
Hi to every one,
The current fix for the vulnerability identified via CVE-2019-14196 is not effective and a buffer overflow is still possible. Please refer to my comment posted on the commit (5d14ee4e53a81055d34ba280cb8fd90330f22a96) on github.
https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f2...
Interesting analysis. I'm a bit disappointed they didn't report this upstream themselves. A patch would be appreciated, thanks.
--
Tom