CVE-2023-52389

Integer Overflow or Wraparound in conan/poco

Identifiers

CVE-2023-52389

Package Slug

conan/poco

Vulnerability

Integer Overflow or Wraparound

Description

UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.

Affected Versions

All versions before 1.11.8, all versions starting from 1.12.0 before 1.12.5

Solution

Upgrade to version 1.12.5p1 or above.

Last Modified

2024-02-09

source