diff options
author | Pauli <pauli@openssl.org> | 2022-10-27 10:22:47 +1100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-11-01 10:49:18 +0100 |
commit | c42165b5706e42f67ef8ef4c351a9a4c5d21639a (patch) | |
tree | c7d42a14c7edb88971fb1f8feb8353870b242ffc /NOTES-DJGPP.md | |
parent | fe3b639dc19b325846f4f6801f2f4604f56e3de3 (diff) |
Fix CVE-2022-3786 in punycode decoder.
Fixed the ossl_a2ulabel() function which also contained a potential
buffer overflow, albeit without control of the contents.
This overflow could result in a crash (causing a denial of service).
The function also did not NUL-terminate the output in some cases.
The two issues fixed here were dentified and reported
by Viktor Dukhovni while researching CVE-2022-3602.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Diffstat (limited to 'NOTES-DJGPP.md')
0 files changed, 0 insertions, 0 deletions