* Ineffective fix of CVE-2019-14196
@ 2022-05-11 20:25 zi0Black
2022-05-15 3:14 ` Tom Rini
0 siblings, 1 reply; 2+ messages in thread
From: zi0Black @ 2022-05-11 20:25 UTC (permalink / raw)
To: u-boot
[-- Attachment #1.1.1: Type: text/plain, Size: 359 bytes --]
Hi to every one,
The current fix for the vulnerability identified via CVE-2019-14196 is not effective and a buffer overflow is still possible. Please refer to my comment posted on the commit (5d14ee4e53a81055d34ba280cb8fd90330f22a96) on github.
https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96
Regards,
zi0Black
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 509 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-05-15 3:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-11 20:25 Ineffective fix of CVE-2019-14196 zi0Black
2022-05-15 3:14 ` Tom Rini
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.