MyScaleDB icon indicating copy to clipboard operation
MyScaleDB copied to clipboard
Published 1 year ago verified publisher icon myscale

Fix potential vulnerable cloned function

Open npt-1707 opened this issue 9 months ago • 2 comments

Hi Development Team,

I identified another potential vulnerability in a clone function inflate() in base/poco/Foundation/src/inflate.c sourced from madler/zlib. This issue, originally reported in CVE-2022-37434, was resolved in the repository via this commit https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1.

This PR applies the corresponding patch to fix the vulnerabilities in this codebase.

Please review at your convenience. Thank you!

npt-1707 avatar May 08 '25 15:05 npt-1707

Hi Development Team,

I identified another potential vulnerability in a clone function inflate() in base/poco/Foundation/src/inflate.c sourced from madler/zlib. This issue, originally reported in CVE-2022-37434, was resolved in the repository via this commit madler/zlib@eff308a.

This PR applies the corresponding patch to fix the vulnerabilities in this codebase.

Please review at your convenience. Thank you!

@npt-1707 in https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166be, they mentioned the fix will cause segfault and has been fixed by https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.

lqhl avatar May 14 '25 14:05 lqhl

Thanks, @lqhl! I've updated the fix. Please review it.

npt-1707 avatar May 19 '25 19:05 npt-1707