Control: severity -1 wishlist

Hello,

Moritz Mühlenhoff, on Fri. 22 Dec. 2023 10:03:28 +0100, wrote:
> CVE-2023-49287[0]:
> | TinyDir is a lightweight C directory and file reader. Buffer
> | overflows in the `tinydir_file_open()` function. This vulnerability
> | has been patched in version 1.2.6.
>
> https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
> https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d
> https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt
>
> falcosecurity-libs embeds a copy of tinydir, if it's not used to
> open files from potentially untrusted paths, feel free to downgrade.

The tinydir_file_open function is not used at all indeed.

(and we don't ship the only lwip app that includes tinydir.h anyway)

Samuel