jerpelea opened a new pull request, #19263:
URL: https://github.com/apache/nuttx/pull/19263

   ## Summary
   
   Invalid data is passed to the NXP Plug & Trust Nano Package used by the 
NuttX secure element driver. If the NXP code is not handling the malformed 
data, a corruption can occur. Alternatively, if the attacker is able to point 
create_signature_args->algorithm in memory at an address that is not 
accessible, a crash can occur.
   
   Applicable to:
   * `signature_algorithm_mapping[create_signature_args->algorithm]`
   * `signature_algorithm_mapping[verify_signature_args->algorithm]`
   
   ## Impact
   
   RELEASE
   
   ## Testing
   
   CI


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to