Security #7861
closed
detect: Dynamic-stack-buffer-overflow in ShortenString
Git IDs:
Severity: HIGH
Disclosure Date: 11/03/2025
Description
Found by oss-fuzz:
https://issues.oss-fuzz.com/u/1/issues/436119686
Not affecting 7 because there is no 29-char keyword like ldap.responsEs.attribute_type in 8.
Cause of overflow is ShortenString not handling a buffer of size 0.
But the bigger question is why DetectBufferMpmRegistry has 2 fields, name and pname?
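
The size-0 case named in the description, as an added C sketch that is not Suricata's ShortenString (its signature and truncation logic are not shown on this page). The function names and the `out_size - 1` length calculation are assumptions, chosen to show how a zero-length destination makes an unsigned size wrap and how an explicit guard prevents any write.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not Suricata code: the flawed length calculation.
 * With out_size == 0, out_size - 1 wraps to SIZE_MAX, so the whole input
 * is treated as if it fits in a buffer that has no room at all. */
size_t copy_len_unchecked(size_t in_len, size_t out_size)
{
    size_t room = out_size - 1;            /* wraps when out_size == 0 */
    return in_len < room ? in_len : room;
}

/* Same calculation with the zero-size case handled explicitly. */
size_t copy_len_checked(size_t in_len, size_t out_size)
{
    if (out_size == 0)
        return 0;                          /* nothing may be written */
    size_t room = out_size - 1;            /* one byte kept for the NUL */
    return in_len < room ? in_len : room;
}

/* Truncating copy that never writes past out[out_size - 1].
 * Returns the number of bytes written, including the terminator,
 * or 0 when no byte could be written. */
size_t shorten_checked(const char *in, char *out, size_t out_size)
{
    if (in == NULL || out == NULL || out_size == 0)
        return 0;
    size_t n = copy_len_checked(strlen(in), out_size);
    memcpy(out, in, n);
    out[n] = '\0';
    return n + 1;
}

int main(void)
{
    /* Constructed input: the 29-character keyword string copied from the ticket. */
    const char *kw = "ldap.responsEs.attribute_type";
    char small[8];
    shorten_checked(kw, small, sizeof(small));
    return strcmp(small, "ldap.re") == 0 ? 0 : 1;
}
```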