|Main Archive Page > Month Archives > oss-security archives|
On 02/16/2011 09:48 PM, Josh Bressers wrote:
> ----- Original Message -----
>> Reported by email@example.com, "Use strlcpy() to assure not to
>> overflow the string array sizes by too long USB device name string."
>> Just FYI, I'm not requesting a CVE name for this as it only affects
>> Native Instruments USB audio devices with very long device name which I
>> think is unlikely.
> I'm assigning this CVE-2011-0712.
> With the recent research about having a smartphone impersonate various USB
> devices, I think this attack is now more plausible than in previous years.
Actually this is hardware-specific, and the strcpys are in the
initialisation part of the code.