Project

General

Profile

Actions
Copy link

Security #6675

closed

ip-defrag: packet can be considered complete even with holes

Added by Jason Ish 10 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
8.0.0-beta1
Affected Versions:
6.0.15, 7.0.2
Label:
CVE:
2024-32867
Git IDs:

d226d0a3fce8837936e1bdfaee496c80d417e0a5

Severity:
MODERATE
Disclosure Date:

Description

The test to check if all fragments exist is flawed. It adds up the data lengths, which can cause it to be larger than the data available in case of fragments.

To fix, the length of the re-assembled packet should only be incremented to the last byte of data seen.

This is covered by test peose/bsd/173

Subtasks 2 (0 open2 closed)

Security #6676: ip-defrag: packet can be considered complete even with holes (6.0.x backport)ClosedJason IshActions
Security #6677: ip-defrag: packet can be considered complete even with holes (7.0.x backport)ClosedJason IshActions
Actions
Copy link
 #1

Updated by OISF Ticketbot 10 months ago

  • Subtask #6676 added
Actions
Copy link
 #2

Updated by OISF Ticketbot 10 months ago

  • Label deleted (Needs backport to 6.0)
Actions
Copy link
 #3

Updated by OISF Ticketbot 10 months ago

  • Subtask #6677 added
Actions
Copy link
 #4

Updated by OISF Ticketbot 10 months ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #5

Updated by Jason Ish 10 months ago

  • Status changed from Assigned to In Review
Actions
Copy link
 #6

Updated by Jason Ish 8 months ago

  • Description updated (diff)
Actions
Copy link
 #7

Updated by Victor Julien 6 months ago

  • CVE set to 2024-32867
Actions
Copy link
 #8

Updated by Victor Julien 6 months ago

  • Status changed from In Review to Closed
  • Git IDs updated (diff)
Actions
Copy link

Also available in: Atom PDF