Actions
Bug #6787
closed
PA
PA
decode/pppoe: Suspicious pointer scaling
Bug #6787:
decode/pppoe: Suspicious pointer scaling
Affected Versions:
Effort:
Difficulty:
Label:
Description
pppoedt = pppoedt + (4 + tag_length);. looks like it can overflow on 32-bits system
PA Updated by Philippe Antoine about 2 years ago
- Status changed from New to In Review
PA Updated by Philippe Antoine about 2 years ago
- Tracker changed from Security to Bug
- Private changed from Yes to No
- Severity deleted (
MODERATE)
Actually, this is a bug, but not a security issue.
There is no unsigned overflow because we upgrade a u16 read on the network to u32
But there is still the bug that we do pointer arithmetic with something different than the u8 pkt buffer...
PA Updated by Philippe Antoine about 2 years ago
- Target version changed from TBD to 8.0.0-beta1
OT Updated by OISF Ticketbot about 2 years ago
- Subtask #6809 added
OT Updated by OISF Ticketbot about 2 years ago
- Label deleted (
Needs backport to 6.0)
OT Updated by OISF Ticketbot about 2 years ago
- Subtask #6810 added
OT Updated by OISF Ticketbot about 2 years ago
- Label deleted (
Needs backport to 7.0)
VJ Updated by Victor Julien about 2 years ago
- Subject changed from decode/ppoe: Suspicious pointer scaling to decode/pppoe: Suspicious pointer scaling
@Philippe Antoine can you fix the title of the backport tickets?
PA Updated by Philippe Antoine about 2 years ago
Victor Julien wrote in #note-9:
catenacyber can you fix the title of the backport tickets?
Had to look twice at the diff to see it :-p
VJ Updated by Victor Julien about 2 years ago
Off by one I guess ;)
PA Updated by Philippe Antoine about 2 years ago
- Status changed from In Review to Resolved
PA Updated by Philippe Antoine about 2 years ago
- Status changed from Resolved to Closed
Actions