mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
Gyorgy Sarvari
9af2a4a468
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-31212 A detailed writeup[1] is referenced by the nvd report, which describes that the vulnerability itself is not in the application, rather in a dependency of it, in c-shutil, which is pulled in as a submodule. Pick the patch from this submodule that fixes a stack overflow, and adds a test explictly verifying the described vulnerability. [1]: https://sec-consult.com/vulnerability-lab/advisory/memory-corruption-vulnerabilities-dbus-broker/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>