CVE-2016-4429 vulnerability

Waldemar Brodkorb wbx at uclibc-ng.org
Fri Aug 5 19:49:27 UTC 2016


Hi Gopi,
siva gopi raju kudeti wrote,

> Hi uClibc team,
> 
> I am using uClibc-0.9.33.2.tar.bz2 in my product. Here I want to know
> whether uClibc is vulnerable to CVE-2016-4429 or not.
> 
> CVE-2016-4429 is a stack overflow vulnerability. I have seen a code
> snippet which causes the stack overflow in the
> function clntudp_call in the file clnt_udp.c. But I don't know how to test
> it, to actually affect the stack.
> 
> Can you please provide me with the test process or give me the results if
> it is vulnerable to the CVE-2016-4429 if you have done testing already.
> 
> I will wait for your reply.

I do not think the uClibc project is active anymore.
I have added the GNU libc patch to uClibc-ng:
http://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=9213ad631513d0e67d9d31465c9cdb3f3dde0399

It will be in the next release. You had better switch to
uClibc-ng for your product.

best regards
 Waldemar