abseil-cpp: fix CVE-2025-0838 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Changqing Li <changqing.li@windriver.com>	2025-02-27 14:36:50 +0800
committer	Armin Kuster <akuster808@gmail.com>	2025-03-06 09:48:36 -0500
commit	6abfd35755938a30890e909854d39e379230571c (patch)
tree	2ce30aea31cd751e8249f175b1662abbbb95362b /meta-python/recipes-devtools/python/python-idna-ssl.inc
parent	62473559da25805b046639433c3a9023c2e9d224 (diff)
download	meta-openembedded-6abfd35755938a30890e909854d39e379230571c.tar.gz

abseil-cpp: fix CVE-2025-0838

Backport a patch to fix CVE-2025-0838 CVE-2025-0838: There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-0838 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-idna-ssl.inc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: