asterisk/res
Milan Kyselica 8bcf6b79f8 res_xmpp: Fix stack buffer overflow in namespace prefix handling
The snprintf size parameter in xmpp_action_hook() is computed from
the attacker-controlled namespace prefix length and is not bounded
by the 256-byte stack buffer size. When a remote XMPP peer sends a
stanza with a child element whose namespace prefix exceeds 249
characters, snprintf writes past the buffer boundary.

Use sizeof(attr) as the snprintf size limit and %.*s precision to
extract only the prefix portion of the element name, preserving
the original truncation behavior for valid inputs.

Resolves: #GHSA-mxgm-8c6f-5p8f
2026-06-25 08:21:35 -06:00