Actions
Security #4420
closedHeap-use-after-free READ 8 · JsonDNP3LoggerToClient
Git IDs:
Severity:
Disclosure Date:
Description
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31549
Use after realloc
DNP3 seems the only one to use OutputJsonBuilderBuffer
dangerously
Updated by Jeff Lucovsky over 3 years ago
- Copied from Bug #4387: Heap-use-after-free READ 8 · JsonDNP3LoggerToClient added
Updated by Jason Ish about 3 years ago
The commit's to master are not applicable to 6.0 as master was fixed due to some other refactoring. For 6.0.x we can use Philippe's original fix for this issue:
Updated by Jason Ish about 3 years ago
Fix for 6.0.3: https://gitlab.oisf.net/dev/suricata/-/merge_requests/213
Updated by Jason Ish about 3 years ago
- Status changed from Assigned to In Review
Updated by Shivani Bhardwaj about 3 years ago
- Assignee changed from Shivani Bhardwaj to Jason Ish
Updated by Victor Julien about 3 years ago
- Status changed from In Review to Closed
Actions