Security vulnerabilities and automated fixes for plugin security issues
1 post found
A critical buffer overflow vulnerability was discovered and patched in plugin.c, where five unbounded sprintf() calls wrote into fixed-size buffers without validating input length. An attacker controlling NVMe device names or plugin metadata could exploit this to overwrite return addresses and achieve arbitrary code execution. The fix eliminates these unsafe calls, closing a classic but devastatingly effective attack vector.