Hi Gopi, siva gopi raju kudeti wrote,
Hi uClibc team,
I am using uClibc-0.9.33.2.tar.bz2 in my product. Here i want to know that uClibc is CVE-2016-4429 vulnerable or not.
CVE-2016-4429 is stack overflow vulnerability. So, I have seen some code snippet which affects the stack overflow in the function clntudp_call in the file clnt_udp.c. But i don't know how to test it, for actually affecting the stack.
Can you please provide me with the test process or give me the results if it is vulnerable to the CVE-2016-4429 if you have done testing already.
I will wait for your reply.
I do not think the uClibc project is active anymore. I have added the GNU libc patch to uClibc-ng: http://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=9213ad631513d0e6...
It will be in the next release. You should better switch to uClibc-ng with your product.
best regards Waldemar