Security #3173

closed

ipv4: ts field decoding oob read

Added by Victor Julien about 5 years ago. Updated about 4 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Label:
Git IDs: 8c399c0a5768fba2df024e6926770719b8697cc6
Severity:
Disclosure Date:

Description

Due to a mistake in the offset at which the flags field is read, a one-byte OOB read happens:

 READ of size 1 at 0x6070000006f6 thread T0
 #0 0x59f002 in IPV4OptValidateTimestamp /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:162:12
 #1 0x59b2a9 in DecodeIPV4Options /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:378:32
 #2 0x596c2c in DecodeIPV4Packet /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:527:9
 #3 0x593032 in DecodeIPV4 /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:540:9
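
A bounds-checked read of the timestamp option's flag field, added here as an illustration; it is not Suricata's code and not the fix in the Git ID above. The field layout is RFC 791's; `opt_body`, `body_u8`, `ts_body`, `ts_flag`, and the premise that the validator is handed the option body (the bytes after type and length) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 791 Internet Timestamp option, offsets from the option's first byte:
 *   0 type (68) | 1 length | 2 pointer | 3 overflow (high nibble) + flag (low nibble)
 * Assumption: the validator receives the option *body*, i.e. the bytes after
 * type and length, so body offsets are option offsets minus OPT_HDR. */
enum { OPT_HDR = 2, TS_OFF_PTR = 2 - OPT_HDR, TS_OFF_FLAG = 3 - OPT_HDR };

/* Hypothetical bounded view of one option body; len = length field - OPT_HDR. */
typedef struct { const uint8_t *data; size_t len; } opt_body;

/* Checked single-byte read: a wrong offset becomes a parse error, not an OOB read. */
int body_u8(const opt_body *b, size_t off, uint8_t *out)
{
    if (b == NULL || b->data == NULL || off >= b->len)
        return -1;
    *out = b->data[off];
    return 0;
}

/* Build a body view from a raw option, validating the length field first.
 * 4 = type + length + pointer + overflow/flag, the smallest possible option. */
int ts_body(const uint8_t *opt, size_t avail, opt_body *b)
{
    if (avail < OPT_HDR || opt[0] != 68 || opt[1] < 4 || opt[1] > avail)
        return -1;
    b->data = opt + OPT_HDR;
    b->len = (size_t)opt[1] - OPT_HDR;
    return 0;
}

/* Returns the flag (0, 1 or 3) or -1 if the option is malformed. */
int ts_flag(const uint8_t *opt, size_t avail)
{
    opt_body b;
    uint8_t ptr, of;
    if (ts_body(opt, avail, &b) != 0 ||
        body_u8(&b, TS_OFF_PTR, &ptr) != 0 || ptr < 5 || /* smallest legal pointer is 5 */
        body_u8(&b, TS_OFF_FLAG, &of) != 0)
        return -1;
    of &= 0x0f;
    return (of == 0 || of == 1 || of == 3) ? of : -1;
}

int main(void)
{
    static const uint8_t sample[] = { 68, 4, 5, 0x01 }; /* constructed minimal option */
    return ts_flag(sample, sizeof sample) == 1 ? 0 : 1;
}
```

With a minimal option the body is two bytes long, so an option-relative offset (3) applied to the body view is rejected by `body_u8` instead of reading past the buffer.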


Related issues: 1 (0 open, 1 closed)

Copied to Suricata - Security #3176: ipv4: ts field decoding oob read (5.x) (Closed, Victor Julien)
