Arch Linux Pacman
Type: Security review
Client: The Open Technology Foundation (OTF)
Date: 2023-12
Domain: AppSec
Effort: 2 wks
Section: Technology Product Reviews
Trail of Bits's security review of The Open Technology Foundation (OTF) (Dec 2023) identified 9 issues: 1 low, 5 informational, and 3 undetermined.
Findings · 9
- 1. Use-after-free vulnerability in the print_packages function (Low)
- 2. Null pointer dereferences (Informational)
- 3. Allocation failures can lead to memory leaks or null pointer dereferences (Informational)
- 4. Buffer overflow read in string_length utility function (Undetermined)
- 5. Undefined behavior or potential null pointer dereferences (Undetermined)
- 6. Undefined behavior from use of atoi (Informational)
- 7. Database parsers fail silently if an option is not recognized (Informational)
- 8. Cache cleaning function may delete the wrong files (Informational)
- 9. Integer underflow in a length check leads to out-of-bounds read in alpm_extract_keyid (Undetermined)
Findings extracted from the published report PDF. See the full report below for details and remediation.