Files
asterisk/res
Milan Kyselica aa8c560915 res_xmpp: Fix stack buffer overflow in namespace prefix handling
The snprintf size parameter in xmpp_action_hook() is computed from
the attacker-controlled namespace prefix length and is not bounded
by the 256-byte stack buffer size. When a remote XMPP peer sends a
stanza with a child element whose namespace prefix exceeds 249
characters, snprintf writes past the buffer boundary.

Use sizeof(attr) as the snprintf size limit and %.*s precision to
extract only the prefix portion of the element name, preserving
the original truncation behavior for valid inputs.

Resolves: #GHSA-mxgm-8c6f-5p8f
2026-06-25 08:22:46 -06:00
..
2023-04-03 07:58:23 -05:00
2024-02-28 18:39:03 +00:00
2023-01-10 14:07:44 -06:00
2025-01-29 14:18:25 +00:00
2021-11-18 16:25:51 -06:00
2021-11-18 16:25:51 -06:00
2021-11-18 16:25:51 -06:00
2021-11-18 16:25:51 -06:00
2021-11-18 16:25:51 -06:00
2025-01-29 14:18:25 +00:00
2021-12-03 10:38:39 -06:00
2021-11-15 16:37:34 -06:00
2025-01-29 14:18:25 +00:00
2025-01-29 14:18:25 +00:00
2021-12-03 10:38:39 -06:00
2025-01-29 14:18:25 +00:00
2025-01-29 14:18:25 +00:00
2025-01-29 14:18:25 +00:00
2025-01-29 14:18:25 +00:00
2021-11-15 16:37:34 -06:00
2021-11-15 16:37:34 -06:00
2025-01-29 14:18:25 +00:00
2021-12-03 10:38:39 -06:00
2023-12-08 13:11:54 +00:00