tftpy: fix CVE-2023-46566

Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class. Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-04-17 22:48:28 +00:00 · 2025-04-24 15:24:40 +00:00
parent a4c57ecb8c
commit efe887a5b8
2 changed files with 28 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch
+++ b/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch
@@ -0,0 +1,26 @@
+From 5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f Mon Sep 17 00:00:00 2001
+From: Dave Wapstra <dwapstra@cisco.com>
+Date: Wed, 3 Jul 2024 14:32:58 +1200
+Subject: [PATCH] Add packet size check
+
+CVE: CVE-2023-46566
+
+Upstream-Status: Backport [https://github.com/msoulier/tftpy/commit/5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f]
+---
+ tftpy/TftpPacketFactory.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tftpy/TftpPacketFactory.py b/tftpy/TftpPacketFactory.py
+index 41f39a9..a8c9cd0 100644
+--- a/tftpy/TftpPacketFactory.py
+++ b/tftpy/TftpPacketFactory.py
+@@ -29,6 +29,7 @@ class TftpPacketFactory(object):
+         """This method is used to parse an existing datagram into its
+         corresponding TftpPacket object. The buffer is the raw bytes off of
+         the network."""
+        tftpassert(len(buffer) > 2, 'Invalid packet size')
+         log.debug("parsing a %d byte packet" % len(buffer))
+         (opcode,) = struct.unpack(str("!H"), buffer[:2])
+         log.debug("opcode is %d" % opcode)
+--
+2.40.0