Hi Richard, [email protected] wrote on Fri, 2 Aug 2024 18:36:47 +0200:
> The squashfs driver blindly follows symlinks, and calls sqfs_size() > recursively. So an attacker can create a crafted filesystem and with > a deep enough nesting level a stack overflow can be achieved. > > Fix by limiting the nesting level to 8. > > Signed-off-by: Richard Weinberger <[email protected]> Reviewed-by: Miquel Raynal <[email protected]> Thanks, Miquèl
