From: Deepak Rathore <[email protected]> This patch applies the upstream master backport for CVE-2026-58058. The upstream fix commit is referenced in [1], and the public CVE advisory is referenced in [2].
[1] https://github.com/nmap/nmap/commit/bb6754e76bb1686315008e1aa1c40202a513fb83 [2] https://github.com/advisories/GHSA-wxvj-hc4r-fq45 Signed-off-by: Deepak Rathore <[email protected]> diff --git a/meta-oe/recipes-security/nmap/files/CVE-2026-58058.patch b/meta-oe/recipes-security/nmap/files/CVE-2026-58058.patch new file mode 100644 index 0000000000..653caee7e3 --- /dev/null +++ b/meta-oe/recipes-security/nmap/files/CVE-2026-58058.patch @@ -0,0 +1,33 @@ +From ad19a059ec459552d9c4ba2ffa40e0cb2e7034bb Mon Sep 17 00:00:00 2001 +From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419> +Date: Thu, 25 Jun 2026 21:58:49 +0000 +Subject: [PATCH] Fix extension header parsing. Credit: Himanshu Anand + +CVE: CVE-2026-58058 +Upstream-Status: Backport [https://github.com/nmap/nmap/commit/bb6754e76bb1686315008e1aa1c40202a513fb83] + +(cherry picked from commit bb6754e76bb1686315008e1aa1c40202a513fb83) +Signed-off-by: Deepak Rathore <[email protected]> +--- + libnetutil/netutil.cc | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libnetutil/netutil.cc b/libnetutil/netutil.cc +index e11b3f103..4d26f3c41 100644 +--- a/libnetutil/netutil.cc ++++ b/libnetutil/netutil.cc +@@ -687,11 +687,13 @@ static const void *ipv6_get_data_primitive(const struct ip6_hdr *ip6, + *nxt = ip6->ip6_nxt; + p += sizeof(*ip6); + while (p < end && ipv6_is_extension_header(*nxt)) { +- if (p + 2 > end) ++ if (p + 8 > end) + return NULL; + *nxt = *p; + p += (*(p + 1) + 1) * 8; + } ++ if (p >= end) ++ return NULL; + + *len = end - p; + if (upperlayer_only && !ipv6_is_upperlayer(*nxt)) diff --git a/meta-oe/recipes-security/nmap/nmap_7.95.bb b/meta-oe/recipes-security/nmap/nmap_7.95.bb index 8841a8cd78..e2bd57b114 100644 --- a/meta-oe/recipes-security/nmap/nmap_7.95.bb +++ b/meta-oe/recipes-security/nmap/nmap_7.95.bb @@ -12,6 +12,7 @@ SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \ file://0002-Fix-building-with-libc.patch \ file://0003-Fix-off-by-one-overflow-in-the-IP-protocol-table.patch \ file://0001-fix-racing-between-build-ncat-and-build-lua.patch \ + file://CVE-2026-58058.patch \ " SRC_URI[sha256sum] = "e14ab530e47b5afd88f1c8a2bac7f89cd8fe6b478e22d255c5b9bddb7a1c5778" -- 2.35.6
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#128119): https://lists.openembedded.org/g/openembedded-devel/message/128119 Mute This Topic: https://lists.openembedded.org/mt/120188229/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
