Re: [Gptfdisk-general] Out of bounds write in ReadLogicalParts of basicmbr.cc (CVE-2021-0308)
From: Rod S. <rod...@ro...> - 2021-01-13 16:20:55
On 1/12/21 3:03 AM, Jonas Witschel wrote:
> Hi,
>
> according to [1], a possible out of bounds write was found in GPT fdisk. This
> has been patched downstream in Android [2] and the patch is available at [3].
> However, I couldn't find this commit or an equivalent workaround in the
> upstream repository on SourceForge [4]. Should the patch be applied upstream as
> well?

I really wish somebody from Google had contacted me about that, but they
didn't, so thanks for alerting me to it. I've just made that change to
the git repo. (It shows up now in your [4] link.) I'm also preparing a
1.0.6 release; I'll probably push that later today.

> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0308
> [2] https://source.android.com/security/bulletin/2021-01-01
> [3] https://android.googlesource.com/platform/external/gptfdisk/+/6d369451868ce71618144c4f4bd645ae48f0d1c5%5E!
> [4] https://sourceforge.net/p/gptfdisk/code/ci/master/tree/basicmbr.cc#l293
>
> _______________________________________________
> Gptfdisk-general mailing list
> Gpt...@li...
> https://lists.sourceforge.net/lists/listinfo/gptfdisk-general
>

--
Rod Smith
rod...@ro...
http://www.rodsbooks.com