It's like, babby's first C code here. Complete with a textbook example of a buffer overflow. And there are TWO instances of this same code in the codebase. Ugh.

I will not be revealing the library until I have figured out how to disclose this to the vendor, or at the very least alerted distros. I don't know how long that will take though.

(This library is widely deployed in some capacity, but it's an example of needing custom, malicious hardware to trigger the bug. If you can do that though it's trivial to trigger.)

A story in 4 parts (but I'm still waiting for the fourth to be written):

If all goes well poorly I might be dropping this vuln earlier than expected.