diff mbox series

[meta-oe,scarthgap] nmap: fix CVE-2026-58058

Message ID 20260715172653.1153703-1-deeratho@cisco.com
State New
Headers show
Series [meta-oe,scarthgap] nmap: fix CVE-2026-58058 | expand

Commit Message

From: Deepak Rathore <deeratho@cisco.com>

This patch applies the upstream master backport for
CVE-2026-58058. The upstream fix commit is referenced in [1],
and the public CVE advisory is referenced in [2].

[1] https://github.com/nmap/nmap/commit/bb6754e76bb1686315008e1aa1c40202a513fb83
[2] https://github.com/advisories/GHSA-wxvj-hc4r-fq45

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
---
 .../nmap/files/CVE-2026-58058.patch           | 33 +++++++++++++++++++
 meta-oe/recipes-security/nmap/nmap_7.80.bb    |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta-oe/recipes-security/nmap/files/CVE-2026-58058.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-security/nmap/files/CVE-2026-58058.patch b/meta-oe/recipes-security/nmap/files/CVE-2026-58058.patch
new file mode 100644
index 000000000..653caee7e
--- /dev/null
+++ b/meta-oe/recipes-security/nmap/files/CVE-2026-58058.patch
@@ -0,0 +1,33 @@ 
+From ad19a059ec459552d9c4ba2ffa40e0cb2e7034bb Mon Sep 17 00:00:00 2001
+From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
+Date: Thu, 25 Jun 2026 21:58:49 +0000
+Subject: [PATCH] Fix extension header parsing. Credit: Himanshu Anand
+
+CVE: CVE-2026-58058
+Upstream-Status: Backport [https://github.com/nmap/nmap/commit/bb6754e76bb1686315008e1aa1c40202a513fb83]
+
+(cherry picked from commit bb6754e76bb1686315008e1aa1c40202a513fb83)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ libnetutil/netutil.cc | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libnetutil/netutil.cc b/libnetutil/netutil.cc
+index e11b3f103..4d26f3c41 100644
+--- a/libnetutil/netutil.cc
++++ b/libnetutil/netutil.cc
+@@ -687,11 +687,13 @@ static const void *ipv6_get_data_primitive(const struct ip6_hdr *ip6,
+   *nxt = ip6->ip6_nxt;
+   p += sizeof(*ip6);
+   while (p < end && ipv6_is_extension_header(*nxt)) {
+-    if (p + 2 > end)
++    if (p + 8 > end)
+       return NULL;
+     *nxt = *p;
+     p += (*(p + 1) + 1) * 8;
+   }
++  if (p >= end)
++    return NULL;
+ 
+   *len = end - p;
+   if (upperlayer_only && !ipv6_is_upperlayer(*nxt))
diff --git a/meta-oe/recipes-security/nmap/nmap_7.80.bb b/meta-oe/recipes-security/nmap/nmap_7.80.bb
index 18b1a5024..afae38fb7 100644
--- a/meta-oe/recipes-security/nmap/nmap_7.80.bb
+++ b/meta-oe/recipes-security/nmap/nmap_7.80.bb
@@ -13,6 +13,7 @@  SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \
            file://0001-Make-ndiff-support-python3.patch \
            file://0001-configure.ac-make-ndiff-depend-on-python3.patch \
            file://nmap-rename-enum-PCAP_SOCKET.patch \
+           file://CVE-2026-58058.patch \
            "
 
 SRC_URI[md5sum] = "d37b75b06d1d40f27b76d60db420a1f5"