hugo/content/about/security/advisories/cve-2004-0785-01.md

Fri, 28 Feb 2025 00:58:39 -0600

author
Gary Kramlich <grim@reaperworld.com>
date
Fri, 28 Feb 2025 00:58:39 -0600
changeset 547
8400662befb3
parent 394
c83367e9b2db
permissions
-rw-r--r--

Add the Meshtastic plugin

I meant to add this awhile ago but somehow missed it.

Testing Done:
Ran `npm run hugo:server` and verified the plugin showed up.

Reviewed at https://reviews.imfreedom.org/r/3861/

---
title: cve-2004-0785-01
date: 2004-08-26T00:00:00.000Z
cveNumber: cve-2004-0785
summary: Local hostname resolution buffer overflow
discoveredBy: Sean (infamous42md)
fixedInRelease: 0.82
type: security
layout: cve
hidden: true
---

### Description

Buffer overflow.  If the local computer's host name is not in /etc/hosts, and
the computer performs a DNS query to obtain its hostname when signing on to
zephyr, it could receive a reply with a hostname greater than `MAXHOSTNAMELEN`
(generally 64 bytes).  If `gethostbyname()` does not ensure the size of
`hostent->h_name` is less than `MAXHOSTNAMELEN`, this value would be copied to
a buffer that is not large enough.

### Mitigation

The calls to copy the hostname were replaced with calls that check the length
of the destination buffer.

mercurial