projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4bae06d) | patch
Fix CVE-2022-3602 in punycode decoder.
authorPauli <pauli@openssl.org>
Wed, 26 Oct 2022 23:21:41 +0000 (10:21 +1100)
committerTomas Mraz <tomas@openssl.org>
Tue, 1 Nov 2022 09:49:18 +0000 (10:49 +0100)
commitfe3b639dc19b325846f4f6801f2f4604f56e3de3
treee15a7a8b50d0f9a3bf58112725f34e495cc5812ctree | snapshot
parent4bae06d47ae26b37a948d31f11884e1813f6d669commit | diff
Fix CVE-2022-3602 in punycode decoder.

An off by one error in the punycode decoder allowed for a single unsigned int
overwrite of a buffer which could cause a crash and possible code execution.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
crypto/punycode.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.