Bug details: PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall. This could result in denial of service or possibly the execution of arbitrary code.

CVE References: CVE-2019-10391, CVE-2019-10392, CVE-2019-10393, CVE-2019-10394, CVE-2019-10395, CVE-2019-10396, CVE-2019-10397, CVE-2019-10398, CVE-2019-10399, CVE-2019-10400, CVE-2019-10401, CVE-2019-10402, CVE-2019-10403, CVE-2019-10404, CVE-2019-10405, CVE-2019-10406, CVE-2019-10407, CVE-2019-10408, CVE-2019-10409, CVE-2019-10410, CVE-2019-10411, CVE-2019-10412, CVE-2019-10413, CVE-2019-10414,

discovered with PicoC Version 3.2.2.

PicoC Version 3.2.2 was discovered to contain a NULL pointer dereference in

PicoC Version 3.2.3 is released

PicoC Version 3.2.3 is released in response to a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall. This could result in denial of service or possibly the execution of arbitrary code.

PicoC Version 3.2.2 - Denial of Service

This could result in denial of service or possibly the execution of arbitrary code.

Timeline

Published on: 11/08/2022 15:15:00 UTC
Last modified on: 11/08/2022 21:56:00 UTC

References