Security #3176
closed
ipv4: ts field decoding oob read (5.x)
Git IDs:
4ca83ca4896bbb07fff0ff8225f37a93b08c3374
Severity:
Disclosure Date:
Description
Due to a mistake in the offset at which the flags field is read, a one-byte OOB read happens:
READ of size 1 at 0x6070000006f6 thread T0
    #0 0x59f002 in IPV4OptValidateTimestamp /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:162:12
    #1 0x59b2a9 in DecodeIPV4Options /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:378:32
    #2 0x596c2c in DecodeIPV4Packet /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:527:9
    #3 0x593032 in DecodeIPV4 /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/decode-ipv4.c:540:9
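An added example, not Suricata's code and not part of the original report: a bounds-checked read of the IPv4 Timestamp option's flag field, using the RFC 791 layout with every offset counted from the option's type byte. The function name `ts_option_flag`, the offset constants and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 791 Timestamp option, offsets counted from the option's type byte:
 *   0 type (68) | 1 length | 2 pointer | 3 overflow (high nibble) + flag (low nibble) */
enum { TS_TYPE = 68, TS_OFF_LEN = 1, TS_OFF_PTR = 2, TS_OFF_FLAG = 3, TS_HDR_LEN = 4 };

/* Hypothetical helper (not Suricata's API). opt points at the type byte,
 * avail is the number of option bytes left in the IP header.
 * Returns the flag (0, 1 or 3) or -1 if the option is malformed. */
int ts_option_flag(const uint8_t *opt, size_t avail)
{
    /* All four fixed bytes must be present before any of them is read. */
    if (opt == NULL || avail < TS_HDR_LEN || opt[0] != TS_TYPE)
        return -1;

    uint8_t len = opt[TS_OFF_LEN];
    if (len < TS_HDR_LEN || len > avail)
        return -1;                      /* option claims more than the header holds */

    uint8_t ptr = opt[TS_OFF_PTR];
    uint8_t flag = opt[TS_OFF_FLAG] & 0x0f;
    if (flag != 0 && flag != 1 && flag != 3)
        return -1;                      /* only these flag values are defined */

    /* Pointer is 1-based, starts at 5, and may be len + 1 when the area is full. */
    size_t rec = (flag == 0) ? 4 : 8;   /* timestamp only, or address + timestamp */
    if (ptr < 5 || ptr > (size_t)len + 1 || (ptr - 5) % rec != 0)
        return -1;
    return flag;
}

int main(void)
{
    /* Constructed sample options, not taken from the issue. */
    const uint8_t full[]  = { 68, 8, 5, 0x00, 0, 0, 0, 0 };
    const uint8_t trunc[] = { 68, 8, 5 };  /* flag byte would be past the end */
    printf("full=%d trunc=%d\n", ts_option_flag(full, sizeof full),
           ts_option_flag(trunc, sizeof trunc));
    return 0;
}
```

Keeping a single base for all field offsets, and checking the remaining length against the highest offset before the first read, is what prevents a flag read from landing one byte past the buffer.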