Bug #6787
Closed
decode/pppoe: Suspicious pointer scaling
Description
pppoedt = pppoedt + (4 + tag_length);
looks like it can overflow on a 32-bit system
Updated by Philippe Antoine about 1 year ago
- Status changed from New to In Review
Updated by Philippe Antoine about 1 year ago
- Tracker changed from Security to Bug
- Private changed from Yes to No
- Severity deleted (MODERATE)
Actually, this is a bug, but not a security issue.
There is no unsigned overflow because we upgrade a u16 read on the network to u32.
But there is still the bug that we do pointer arithmetic with something different than the u8 pkt buffer...
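An added example (not Suricata's code and not part of this ticket) of the two points in the comment above: a u16 length added to 4 cannot wrap once promoted, but adding that sum to a struct pointer is scaled by the struct size. The `TagHdr` type, the function names and the sample bytes are assumptions made for illustration; the tag walk uses a `uint8_t` offset with bounds checks.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical tag header: 2-byte type, 2-byte length, then the value. */
typedef struct { uint16_t type; uint16_t length; } TagHdr;
#define TAG_HDR_LEN 4u

/* Constructed sample: tag 0x0101 (len 0), then tag 0x0102 (len 3, "abc"). */
static const uint8_t SAMPLE[] = {
    0x01, 0x01, 0x00, 0x00,
    0x01, 0x02, 0x00, 0x03, 'a', 'b', 'c'
};

/* Bytes the author means to skip: header plus value. */
size_t intended_step(uint16_t tag_length)
{
    return (size_t)TAG_HDR_LEN + tag_length;
}

/* Bytes actually skipped by `TagHdr *p; p = p + (4 + tag_length);`.
 * The sum is computed in 32 bits, so it cannot wrap (max 4 + 65535),
 * but the compiler multiplies it by sizeof(TagHdr). */
size_t scaled_step(uint16_t tag_length)
{
    uint32_t n = TAG_HDR_LEN + tag_length;
    return (size_t)n * sizeof(TagHdr);
}

/* Walk the tags with a byte offset into the uint8_t packet buffer.
 * Returns the number of complete tags, or -1 if a tag is truncated. */
int count_tags(const uint8_t *pkt, size_t len)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < TAG_HDR_LEN)
            return -1;                      /* header does not fit */
        uint16_t tag_length = (uint16_t)((pkt[off + 2] << 8) | pkt[off + 3]);
        if (len - off - TAG_HDR_LEN < tag_length)
            return -1;                      /* value does not fit */
        off += TAG_HDR_LEN + tag_length;    /* byte units, no scaling */
        count++;
    }
    return count;
}

int main(void)
{
    printf("intended %zu, scaled %zu, tags %d\n", intended_step(3),
           scaled_step(3), count_tags(SAMPLE, sizeof(SAMPLE)));
    return 0;
}
```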
Updated by Philippe Antoine 12 months ago
- Target version changed from TBD to 8.0.0-beta1
Updated by Victor Julien 12 months ago
- Subject changed from decode/ppoe: Suspicious pointer scaling to decode/pppoe: Suspicious pointer scaling
@Philippe Antoine can you fix the title of the backport tickets?
Updated by Philippe Antoine 12 months ago
Victor Julien wrote in #note-9:
catenacyber can you fix the title of the backport tickets?
Had to look twice at the diff to see it :-p
Updated by Philippe Antoine 12 months ago
- Status changed from In Review to Resolved
Updated by Philippe Antoine 12 months ago
- Status changed from Resolved to Closed