Hi Gopi,
siva gopi raju kudeti wrote,
Hi uClibc team,
I am using uClibc-0.9.33.2.tar.bz2 in my product. Here i want to know that
uClibc is CVE-2016-4429 vulnerable or not.
CVE-2016-4429 is stack overflow vulnerability. So, I have seen some code
snippet which affects the stack overflow in the
function clntudp_call in the file clnt_udp.c. But i don't know how to test
it, for actually affecting the stack.
Can you please provide me with the test process or give me the results if
it is vulnerable to the CVE-2016-4429 if you have done testing already.
I will wait for your reply.
I do not think the uClibc project is active anymore.
I have added the GNU libc patch to uClibc-ng:
http://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=9213ad631513d0e…
It will be in the next release. You should better switch to
uClibc-ng with your product.
best regards
Waldemar