Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Vulnerability - Action Required: Overflow may in the newest version of the Logan #526

Open
Crispy-fried-chicken opened this issue Aug 24, 2024 · 2 comments · May be fixed by #527

Comments

@Crispy-fried-chicken
Copy link

您的项目中Logan/mbedtls/library/x509_create.c 文件下的mbedtls_x509_set_extension函数存在overflow的风险,如果在调用该函数时给val_len赋值为0xFFFFFFFF,就会造成内部溢出会导致分段错误。这和最近披露的CVE-2024-23775所述十分相似(https://github.com/Mbed-TLS/mbedtls/issues/8687)。
考虑到其可能存在的潜在风险,我愿意配合您以负责任的方式及时核实、解决和报告发现的漏洞。 如果您需要任何进一步的信息或帮助,请随时与我联系。如果需要,我也可以提交PR帮助您修复。 谢谢您,期待尽快收到您的回复!

@Crispy-fried-chicken Crispy-fried-chicken changed the title Security Vulnerability - Action Required: Overflow may in the newest version of the RetroArch Security Vulnerability - Action Required: Overflow may in the newest version of the Logan Aug 24, 2024
@Richard-Cao
Copy link
Member

Richard-Cao commented Aug 26, 2024

PR一波?mbedtls是引过来的三方库,现在来看版本太老了,是不是升级一波就能修复了

@Crispy-fried-chicken
Copy link
Author

@Richard-Cao 我已经PR了,直接升级一波担心会有什么兼容性问题?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants