PT-2023-24668 · Cpdb-Libs+2

Peter +1 · Published 2023-06-14 · Updated 2023-07-05 · CVE-2023-34095

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: cpdb-libs versions 1.0 through 2.0b4

Description: The issue arises from improper use of scanf(3) in cpdb-libs. The fscanf() and scanf() functions are used to parse command lines and configuration files without limiting the length of the strings to be read, and they drop the read string components into fixed-length buffers, so a string that exceeds 1023 characters causes a buffer overflow. A patch is available that limits the maximum string length to 1023 by replacing %s with %1023s in all calls of the fscanf() and scanf() functions.

Recommendations: For versions 1.0 through 2.0b4, apply the patch available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7, which replaces all occurrences of %s with %1023s in all calls of the fscanf() and scanf() functions to limit the maximum string length to 1023.
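
The patched pattern described above, as an added example in C; it is not code from cpdb-libs or from the referenced commit. The names read_token, make_sample and TOKEN_BUF and the sample input are assumptions made for illustration, and draining the tail of an over-long token goes beyond what the patch itself does.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_BUF 1024 /* fixed-length buffer: 1023 characters + NUL */

/* Pattern the advisory describes (comment only, not compiled):
 *     char buf[TOKEN_BUF]; fscanf(fp, "%s", buf);   no width limit
 * Patched pattern below: "%1023s" stores at most 1023 characters plus NUL.
 * Returns the stored length, or -1 at end of input. *truncated is set when
 * the token was longer; draining the unread tail is this example's addition,
 * so the tail is not parsed as a separate token on the next call. */
static int read_token(FILE *fp, char buf[TOKEN_BUF], int *truncated)
{
    int c;
    *truncated = 0;
    if (fscanf(fp, "%1023s", buf) != 1)
        return -1;
    while ((c = fgetc(fp)) != EOF && !isspace(c))
        *truncated = 1;
    if (c != EOF)
        ungetc(c, fp);
    return (int)strlen(buf);
}

/* Constructed sample input: long_len 'A' characters, then " printer-a". */
static FILE *make_sample(size_t long_len)
{
    FILE *fp = tmpfile();
    if (fp == NULL) return NULL;
    for (size_t i = 0; i < long_len; i++)
        fputc('A', fp);
    fputs(" printer-a\n", fp);
    rewind(fp);
    return fp;
}

int main(void)
{
    char buf[TOKEN_BUF];
    int cut, n;
    FILE *fp = make_sample(3000);
    if (fp == NULL) return 1;
    n = read_token(fp, buf, &cut);
    printf("first token:  len=%d truncated=%d\n", n, cut);
    n = read_token(fp, buf, &cut);
    printf("second token: %s len=%d truncated=%d\n", buf, n, cut);
    fclose(fp);
    return 0;
}
```

With the width limit alone, the remainder of an over-long token stays in the stream and would be returned by the next read, which is why the example reports truncation to the caller.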

Exploit

Fix

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2023-34095
GHSA-25J7-9GFC-F46X
USN-6204-1

Affected Products

Linuxmint
Ubuntu
Cpdb-Libs