Fix: Potential Vulnerability in Cloned zlib-Function #6246
mvieth merged 1 commit into PointCloudLibrary:master from
If the extra field was larger than the space the user provided with inflateGetHeader(), and if multiple calls of inflate() delivered the extra header data, then there could be a buffer overflow of the provided space. This commit assures that provided space is not exceeded.
mvieth left a comment
Thanks!
As a side note: PCL will by default use a zlib installation from the system (see https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70 ) and will only use these copied zlib files if specifically requested by the user. So hopefully the effects of these potential vulnerabilities are not too extensive.
Hi @mvieth, thanks for merging my PR again. Just want to let you know that I plan to report this as a CVE too. Let me know if you have any concern!
@tabudz Thank you for the heads-up. If you report this, may I suggest to include my note from above? That is: since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets
Description
This PR fixes a security vulnerability in inflate() that was cloned from zlib but did not receive the security patch applied in zlib. The original issue was reported and fixed under madler/zlib@eff308a.
This PR applies the same patch as the one in zlib to eliminate the vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37434
madler/zlib@eff308a
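The condition described in the commit message above, as an added example that is not code from zlib, PCL or this PR: a simplified model of an extra field delivered over several calls into a smaller caller-provided buffer. The struct, the function names and the sample sizes are hypothetical; the unchecked function only computes the length and never writes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a gzip extra-field sink; all names are hypothetical. */
struct extra_sink {
    unsigned char *buf;  /* space the caller provided */
    unsigned max;        /* size of buf */
    unsigned total;      /* extra-field length announced in the header */
    unsigned remaining;  /* extra-field bytes not yet delivered */
};

/* Unchecked arithmetic: the length a copy at offset *off would use.
 * Computes only, never writes. Wraps once *off exceeds max. */
unsigned unchecked_len(const struct extra_sink *s, unsigned avail, unsigned *off)
{
    unsigned copy = s->remaining < avail ? s->remaining : avail;
    *off = s->total - s->remaining;
    return *off + copy > s->max ? s->max - *off : copy;
}

/* Bounded variant: store only while the offset is still inside buf. */
unsigned bounded_feed(struct extra_sink *s, const unsigned char *in, unsigned avail)
{
    unsigned copy = s->remaining < avail ? s->remaining : avail;
    unsigned off = s->total - s->remaining;
    unsigned stored = 0;
    if (s->buf != NULL && off < s->max) {
        stored = off + copy > s->max ? s->max - off : copy;
        memcpy(s->buf + off, in, stored);
    }
    s->remaining -= copy;  /* the field is consumed either way */
    return stored;
}

int main(void)
{
    unsigned char space[8], chunk[6];  /* constructed sample input */
    struct extra_sink s = { space, sizeof space, 20, 20 };
    unsigned off;
    memset(chunk, 'A', sizeof chunk);
    while (s.remaining > 0) {
        unsigned would = unchecked_len(&s, sizeof chunk, &off);
        unsigned stored = bounded_feed(&s, chunk, sizeof chunk);
        printf("offset %2u: unchecked %u, bounded %u\n", off, would, stored);
    }
    return 0;
}
```

With a 20-byte field fed in 6-byte chunks into 8 bytes of space, the third call starts at offset 12, where the unchecked subtraction wraps to a very large length while the bounded variant stores nothing.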