Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Finit has heap based buffer overwrite in urandom.so plugin
Vulnerability Description
Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects everyone using Finit 4.2 or later that do not explicitly disable the plugin at build time. This bug is fixed in Finit 4.12. Those who cannot upgrade or backport the fix to urandom.c are strongly recommended to disable the plugin in the call to the `configure` script.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L
Vulnerability Type
跨界内存写
Vulnerability Title
finit 缓冲区错误漏洞
Vulnerability Description
finit是Joachim Wiberg个人开发者的一个Linux的快速初始化工具。 finit 4.2及之后版本存在缓冲区错误漏洞,该漏洞源于urandom插件存在堆缓冲区覆盖,可能导致随机不稳定和未定义行为。
CVSS Information
N/A
Vulnerability Type
N/A