| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAM+3YVqkFqtQ2ZBLFgPg6+=SxV_bcZb_3ZgLQ0V5H-JOqRZ--w@mail.gmail.com>
Date: Mon, 4 Dec 2023 11:50:59 +0100
From: Marco Ivaldi <raptor@...eadbeef.info>
To: fulldisclosure@...lists.org, oss-security@...ts.openwall.com,
submissions@...ketstormsecurity.com
Subject: [FD] HNS-2023-04 - HN Security Advisory - Buffer overflow
vulnerabilities with long path names in TinyDir
Hi,
Please find attached a security advisory that describes some buffer
overflow vulnerabilities we discovered in TinyDir.
* Title: Buffer overflow vulnerabilities with long path names in TinyDir
* Product: TinyDir <= 1.2.5
* Author: Marco Ivaldi <marco.ivaldi@...ecurity.it>
* Date: 2023-12-04
* CVE ID: CVE-2023-49287
* Severity: High - 7.7 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* Vendor URL: https://github.com/cxong/tinydir
* Advisory URL:
https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
The advisory is also available at:
https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt
Regards,
--
Marco Ivaldi
https://0xdeadbeef.info/
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."
View attachment "HNS-2023-04-tinydir.txt" of type "text/plain" (11249 bytes)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists