ConfD User Community

Possible buffer overrun vulnerability in ConfD


#1

A Veracode scan shows that ConfD version 6.0.3 has a potential buffer overrun vulnerability in the file confd_ipc_access.c. Does anyone know if this problem has been addressed in the latest version? Is there a list of other vulnerabilities that have been found in ConfD?

Thanks guys for the help.

Bryant


#2

I don’t believe many of us on this forum have access to Veracode’s commercial tools.
If you are concerned about that tool complaining about a buffer overrun vulnerability in the libconfd library (linked with your application, not part of the configuration daemon), feel free to suggest an improvement on this forum or file a ticket with Tail-f support.