Possible buffer overflow in client library in Attachment::getInfo() call [CORE6432] #6669
Labels
affect-version: 2.5.9
affect-version: 3.0.0
affect-version: 3.0.1
affect-version: 3.0.2
affect-version: 3.0.3
affect-version: 3.0.4
affect-version: 3.0.5
affect-version: 3.0.6
affect-version: 3.0.7
affect-version: 4.0 Alpha 1
affect-version: 4.0 Beta 1
affect-version: 4.0 Beta 2
affect-version: 4.0 Initial
component: api / client library
fix-version: 3.0.8
fix-version: 4.0 RC 1
priority: major
qa: cannot be tested
type: bug
Submitted by: @AlexPeshkoff
The loop in merge.cpp:72 expects the `in` buffer to eventually contain either isc_info_end, isc_info_truncated or isc_info_implementation, and will otherwise read out of buffer bounds with good chance for access violation.
With correctly working providers chances to get that error are very low, but it can happen in case of bug in provider (on server) or malware server replacement (on client).
Commits: ea6dc2a f88c95a
The text was updated successfully, but these errors were encountered: