Wind River Support Network

HomeDefectsLIN1019-10871
Not to be fixed

LIN1019-10871 : Security Advisory - poco - CVE-2023-52389

Created: Jan 28, 2024    Updated: Apr 8, 2024
Resolved Date: Apr 8, 2024
Found In Version: 10.19.45.1
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace

Description

UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.

CREATE(Triage):(User=admin) CVE-2023-52389 (https://nvd.nist.gov/vuln/detail/CVE-2023-52389)
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube