Hi Gopi,

siva gopi raju kudeti wrote,
> Hi uClibc team,
>
> I am using uClibc-0.9.33.2.tar.bz2 in my product. Here I want to know whether
> uClibc is vulnerable to CVE-2016-4429 or not.
>
> CVE-2016-4429 is a stack overflow vulnerability. So, I have seen some code
> snippet which affects the stack overflow in the
> function clntudp_call in the file clnt_udp.c. But I don't know how to test
> it, for actually affecting the stack.
>
> Can you please provide me with the test process or give me the results if
> it is vulnerable to the CVE-2016-4429 if you have done testing already.
>
> I will wait for your reply.

I do not think the uClibc project is active anymore.
I have added the GNU libc patch to uClibc-ng:
http://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=9213ad631513d0e67d9d31465c9cdb3f3dde0399

It will be in the next release. You should better switch to
uClibc-ng with your product.

best regards
Waldemar