On Tue, 19 Jul 2016, Jay R. Ashworth wrote: > Heap overflow bug in either a widely used ASN.1 library from Objective > Systems, > apparently popular with cell-radio industry people. Not sure if this will > leak over into NANOG land -- but neither are you, and that's most of my point. > > DO *you* know if this library is used in your routers? Can you find out? > > How easily and quickly?
CERT/CC has published a list of contacted vendors: http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=790839&SearchOrder=4 >From the timeline: https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080#8-report-timeline it is not clear if all vendors have been contacted. Wonder how to grep for rtxMemHeapAlloc in the possibly encrypted baseband module firmware. Marcin
