CVE-2016-4429 vulnerability

siva gopi raju kudeti sivagopi059 at gmail.com
Mon Aug 8 05:53:04 UTC 2016


Hi Waldemar,

Thanks for the immediate replay.

The patch you given looks good. I will make out this patch.

After that, testing with the IPERF or PING is fine or any other way is
there to test.

Can you please suggest me to do that.


Regards,
Gopi.

On 6 August 2016 at 01:19, Waldemar Brodkorb <wbx at uclibc-ng.org> wrote:

> Hi Gopi,
> siva gopi raju kudeti wrote,
>
> > Hi uClibc team,
> >
> > I am using uClibc-0.9.33.2.tar.bz2 in my product. Here i want to know
> that
> > uClibc is CVE-2016-4429 vulnerable or not.
> >
> > CVE-2016-4429 is stack overflow vulnerability. So, I have seen some code
> > snippet which affects the stack overflow in the
> > function clntudp_call in the file clnt_udp.c. But i don't know how to
> test
> > it, for actually affecting the stack.
> >
> > Can you please provide me with the test process or give me the results if
> > it is vulnerable to the CVE-2016-4429 if you have done testing already.
> >
> > I will wait for your reply.
>
> I do not think the uClibc project is active anymore.
> I have added the GNU libc patch to uClibc-ng:
> http://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=
> 9213ad631513d0e67d9d31465c9cdb3f3dde0399
>
> It will be in the next release. You should better switch to
> uClibc-ng with your product.
>
> best regards
>  Waldemar
>


More information about the uClibc mailing list