Impact
What kind of vulnerability is it? Who is impacted?
The libsinsp library used by Falco provides a class to store IPv4 interface information, one of which is the name. It was discovered that a stack buffer overflow could be triggered due to the use of sprintf. This issue can potentially lead to code execution.
Only users using Falco versions before 0.18.0 are impacted.
Patches
Has the problem been patched? What versions should users upgrade to?
The problem has been addressed by commit 6dc5261 on Aug 6, 2019.
Users should upgrade to version 0.18.0 or later.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
No workaround available, a version upgrade to 0.18.0 or later is need.
References
Are there any links users can visit to find out more?
The affected code (before the patch) can be found here.
For more information
If you have any questions or comments about this advisory:
leodido Analyst
Impact
What kind of vulnerability is it? Who is impacted?
The libsinsp library used by Falco provides a class to store IPv4 interface information, one of which is the name. It was discovered that a stack buffer overflow could be triggered due to the use of
sprintf. This issue can potentially lead to code execution.Only users using Falco versions before 0.18.0 are impacted.
Patches
Has the problem been patched? What versions should users upgrade to?
The problem has been addressed by commit 6dc5261 on Aug 6, 2019.
Users should upgrade to version 0.18.0 or later.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
No workaround available, a version upgrade to 0.18.0 or later is need.
References
Are there any links users can visit to find out more?
The affected code (before the patch) can be found here.
For more information
If you have any questions or comments about this advisory: