Source: lwip X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerability was published for lwip. CVE-2023-49287[0]: | TinyDir is a lightweight C directory and file reader. Buffer | overflows in the `tinydir_file_open()` function. This vulnerability | has been patched in version 1.2.6. https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt falcosecurity-libs embeds a copy of tinydir, if it's not used to open files from potentially untrusted paths, feel free to downgrade. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-49287 https://www.cve.org/CVERecord?id=CVE-2023-49287 Please adjust the affected versions in the BTS as needed.
