smsutil: Check that address fits and submit report in memory (CVE-2023-4233, CVE-2023-4234) https://gitlab.com/ubports/ubuntu-touch/-/issues/2167 (!9) · Merge requests · UBports / Development / Core / ofono-ubports

The following patches prevent possible buffer overflow during SMS decoding. This fixes this issue ubports/ubuntu-touch#2167 (closed)

There are corresponding bug reports on Red Hat Bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=2255396 (CVE-2023-4233 ofono: SMS Decoder Stack-based Buffer Overflow Remote Code Execution Vulnerability within the sms_decode_address_field() function)
https://bugzilla.redhat.com/show_bug.cgi?id=2255399 (CVE-2023-4234 ofono: SMS Decoder Stack-based Buffer Overflow Remote Code Execution Vulnerability within the decode_submit_report() function)

Edited Dec 28, 2023 by German Semenov

smsutil: Check that address fits and submit report in memory (CVE-2023-4233, CVE-2023-4234) ubports/ubuntu-touch#2167