Hi Gopi,

siva gopi raju kudeti wrote,
> Hi uClibc team,
>
> I am using uClibc-0.9.33.2.tar.bz2 in my product. Here I want to know that
> uClibc is CVE-2016-4429 vulnerable or not.
>
> CVE-2016-4429 is stack overflow vulnerability. So, I have seen some code
> snippet which affects the stack overflow in the
> function clntudp_call in the file clnt_udp.c. But I don't know how to test
> it, for actually affecting the stack.
>
> Can you please provide me with the test process or give me the results if
> it is vulnerable to the CVE-2016-4429 if you have done testing already.
>
> I will wait for your reply.

I do not think the uClibc project is active anymore.
I have added the GNU libc patch to uClibc-ng:
http://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=9213ad631513d0e67d9d31465c9cdb3f3dde0399

It will be in the next release. You should better switch to uClibc-ng
with your product.

best regards
 Waldemar
