CVE-2023-49287: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

December 4, 2023 (updated December 13, 2023)

TinyDir is a lightweight C directory and file reader. Buffer overflows in the tinydir_file_open() function. This vulnerability has been patched in version 1.2.6.

References

packetstormsecurity.com/files/176060/TinyDir-1.2.5-Buffer-Overflow.html
www.openwall.com/lists/oss-security/2023/12/04/1
github.com/cxong/tinydir/releases/tag/1.2.6
github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
nvd.nist.gov/vuln/detail/CVE-2023-49287

Detect and mitigate CVE-2023-49287 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →