On Tue, Jan 23, 2024 at 07:33:28PM -0800, Doug Flick via groups.io wrote:
> From: Doug Flick <dougfl...@microsoft.com>
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536
>
> SECURITY PATCH - Patch
>
> TCBZ4536
> CVE-2023-45231
> CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
> CWE-125 Out-of-bounds Read

Same comment for the commit message as for patch #1.

> + //
> + // Cannot process truncated options.
> + // Cannot process options with a length of 0 as there is no Type field.
> + //
> + if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
> + return FALSE;
> + }

Code change is good (and the commit message describing the change can be
as short as the patch itself ;)

take care,
  Gerd
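
Review bot: the comment above "if (OptionLen < sizeof (IP6_OPTION_HEADER))" singles out a length of 0, but the condition rejects every buffer shorter than a full option header, so the second comment line describes only one of the cases the check covers. Suggest wording it in terms of the header size, for example "Cannot process options shorter than IP6_OPTION_HEADER, as the header cannot be read in full", so the comment and the condition state the same bound.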