Project

General

Profile

Actions

Security #6668

closed

ip defrag: final overlapping packet can lead to "hole" in re-assembled data

Added by Jason Ish 11 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Label:
Git IDs:

d0fd0782505d837e691ceef1b801776f0db82726

Severity:
MODERATE
Disclosure Date:

Description

This is covered in test: bsd/peos/test_361

Given a packet that covers regions M-N and has MF set to 0, but there is a still a hole before region M. Then another packet comes in and covers (M-1)-N, we could have a hole in the re-assembled as the packet received first comes first in the iteration of packets to be re-assembled, and we break on the MF flag being 0.

Instead we should iterate one more time, as the following packet may fill in the hole.


Subtasks 2 (0 open2 closed)

Security #6671: ip defrag: final overlapping packet can lead to "hole" in re-assembled data (6.0.x backport)ClosedJason IshActions
Security #6673: ip defrag: final overlapping packet can lead to "hole" in re-assembled data (7.0.x backport)ClosedJason IshActions
Actions #1

Updated by Jason Ish 11 months ago

  • Assignee changed from OISF Dev to Jason Ish
  • Target version changed from TBD to 8.0.0-beta1
Actions #2

Updated by OISF Ticketbot 11 months ago

  • Subtask #6671 added
Actions #3

Updated by OISF Ticketbot 11 months ago

  • Label deleted (Needs backport to 6.0)
Actions #4

Updated by OISF Ticketbot 11 months ago

  • Subtask #6673 added
Actions #5

Updated by OISF Ticketbot 11 months ago

  • Label deleted (Needs backport to 7.0)
Actions #6

Updated by Jason Ish 11 months ago

  • Status changed from New to In Review
Actions #7

Updated by Victor Julien 7 months ago

  • CVE set to 2024-32867
Actions #8

Updated by Victor Julien 7 months ago

  • Status changed from In Review to Closed
  • Git IDs updated (diff)
Actions

Also available in: Atom PDF