Skip to content

fix: the bcm4908img firmware image parser performs a... in bcm4908img.c#11

Open
orbisai0security wants to merge 1 commit into
ofmodemsandmen:mainfrom
orbisai0security:fix-bcm4908img-memcpy-bounds-check
Open

fix: the bcm4908img firmware image parser performs a... in bcm4908img.c#11
orbisai0security wants to merge 1 commit into
ofmodemsandmen:mainfrom
orbisai0security:fix-bcm4908img-memcpy-bounds-check

Conversation

@orbisai0security

Copy link
Copy Markdown

Summary

Fix critical severity security issue in package/utils/bcm4908img/src/bcm4908img.c.

Vulnerability

Field Value
ID V-001
Severity CRITICAL
Scanner multi_agent_ai
Rule V-001
File package/utils/bcm4908img/src/bcm4908img.c:774
CWE CWE-120

Description: The bcm4908img firmware image parser performs a memcpy at line 774 copying sizeof(node) bytes from a source controlled by the firmware image into a fixed-size dirent structure without validating that the source size fits the destination. Combined with a malloc at line 486 that allocates a buffer based on a length field read directly from the firmware image, an attacker who supplies a crafted firmware image can trigger a heap-based buffer overflow. If the length field is manipulated to cause an integer overflow in size arithmetic, the allocation will be undersized and subsequent writes will corrupt adjacent heap memory.

Changes

  • package/utils/bcm4908img/src/bcm4908img.c

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • LLM code review passed

Automated security fix by OrbisAI Security

Automated security fix generated by OrbisAI Security
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant