Mirror/Reticulum
1
0
Fork 0
mirror of https://github.com/markqvist/Reticulum.git synced 2026-04-23 22:29:59 -07:00
Code Issues Packages Projects Releases Wiki Activity

Prepare release

Browse Source
This commit is contained in:
Mark Qvist
2026-04-22 13:51:09 +02:00
parent a21024a57e
commit 45e12cc668
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Changelog.md
View File

@@ -2,7 +2,7 @@
This maintenance release fixes a critical security issue, that would allow an attacker to craft a BZ2 decompression bomb via Resource transfers or Buffer StreamDataMessage, causing an out-of-memory condition and crashing the receiving process via OOM killer.
Big thanks to @defidude for discovering and reporting this vulnerability!
Big thanks to @defidude (github.com/ratspeak) for discovering and reporting this vulnerability!
**Changes**
- Fixed bz2 decompression bomb vulnerability in Resource transfer assembly and Buffer StreamDataMessage unpacking.