[Buildroot] [PATCH 1/1] package/cereal: fix CVE-2020-11105
Peter Korsgaard
peter at korsgaard.com
Thu Feb 4 17:22:31 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fix CVE-2020-11105: An issue was discovered in USC iLab cereal through
> 1.3.0. It employs caching of std::shared_ptr values, using the raw
> pointer address as a unique identifier. This becomes problematic if an
> std::shared_ptr variable goes out of scope and is freed, and a new
> std::shared_ptr is allocated at the same address. Serialization fidelity
> thereby becomes dependent upon memory layout. In short, serialized
> std::shared_ptr variables cannot always be expected to serialize back
> into their original values. This can have any number of consequences,
> depending on the context within which this manifests.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
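
The failure mode described in the quoted commit message, as an added example that is not part of the original mail and is not cereal's code: a toy archive that identifies std::shared_ptr values by raw address, run once as-is and once with the archive holding a copy of each pointer so the address cannot be reused while the archive exists. `ToyArchive`, `Record`, `pool_make` and `run` are hypothetical names, and the two-slot pool is constructed so that address reuse is deterministic.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <vector>

// Constructed two-slot pool that always hands out the lowest free slot, so
// address reuse is deterministic instead of depending on the heap allocator.
static int  g_slot[2];
static bool g_used[2];

std::shared_ptr<int> pool_make(int value) {
    int i = g_used[0] ? 1 : 0;
    g_used[i] = true;
    g_slot[i] = value;
    return std::shared_ptr<int>(&g_slot[i], [i](int*) { g_used[i] = false; });
}

// One output record; has_payload == false means "same object as earlier id".
struct Record { std::uint32_t id; bool has_payload; int payload; };

// Toy archive (hypothetical, not cereal's classes). keep_alive == false tracks
// only the raw address, the pattern the CVE text describes. keep_alive == true
// also stores a shared_ptr copy, so the object outlives the caller's pointer.
class ToyArchive {
public:
    explicit ToyArchive(bool keep_alive) : keep_alive_(keep_alive) {}
    void save(const std::shared_ptr<int>& p) {
        auto it = ids_.find(p.get());
        if (it != ids_.end()) { out.push_back({it->second, false, 0}); return; }
        std::uint32_t id = next_id_++;
        ids_[p.get()] = id;
        if (keep_alive_) pinned_.push_back(p);
        out.push_back({id, true, *p});
    }
    std::vector<Record> out;
private:
    bool keep_alive_;
    std::uint32_t next_id_ = 1;
    std::map<const void*, std::uint32_t> ids_;
    std::vector<std::shared_ptr<const void>> pinned_;
};

// Serialize two unrelated, short-lived values and return the record stream.
std::vector<Record> run(bool keep_alive) {
    g_used[0] = g_used[1] = false;
    ToyArchive ar(keep_alive);
    { auto a = pool_make(1); ar.save(a); }   // a goes out of scope here
    { auto b = pool_make(2); ar.save(b); }   // lands on a's old address if free
    return ar.out;
}
```

With `run(false)` the second value is written as a back-reference to the first and its payload 2 never reaches the stream; with `run(true)` both payloads are written under distinct ids.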