smsutil: Check that address fits and submit report in memory (CVE-2023-4233, CVE-2023-4234) ubports/ubuntu-touch#2167
Hello @sunweaver,
The following patches prevent a possible buffer overflow during SMS decoding. This fixes issue ubports/ubuntu-touch#2167 (closed).
There are corresponding bug reports on Red Hat Bugzilla:
- https://bugzilla.redhat.com/show_bug.cgi?id=2255396 (CVE-2023-4233 ofono: SMS Decoder Stack-based Buffer Overflow Remote Code Execution Vulnerability within the sms_decode_address_field() function)
- https://bugzilla.redhat.com/show_bug.cgi?id=2255399 (CVE-2023-4234 ofono: SMS Decoder Stack-based Buffer Overflow Remote Code Execution Vulnerability within the decode_submit_report() function)
Edited by German Semenov