Actions
Security #3173
closedipv4: ts field decoding oob read
Description
Due to a mistake in the offset at which the flags field it read, a one byte OOB read happens:
READ of size 1 at 0x6070000006f6 thread T0 #0 0x59f002 in IPV4OptValidateTimestamp /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:162:12 #1 0x59b2a9 in DecodeIPV4Options /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:378:32 #2 0x596c2c in DecodeIPV4Packet /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:527:9 #3 0x593032 in DecodeIPV4 /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:540:9
Updated by Victor Julien over 5 years ago
- Copied to Security #3176: ipv4: ts field decoding oob read (5.x) added
Updated by Victor Julien about 5 years ago
- Status changed from Assigned to Closed
- Private changed from Yes to No
Updated by Victor Julien over 4 years ago
- Tracker changed from Bug to Security
- CVE set to 2019-16411
- Git IDs updated (diff)
Actions