Actions
Bug #6787
closeddecode/pppoe: Suspicious pointer scaling
Affected Versions:
Effort:
Difficulty:
Label:
Description
pppoedt = pppoedt + (4 + tag_length);
. looks like it can overflow on 32-bits system
Updated by Philippe Antoine 10 months ago
Updated by Philippe Antoine 10 months ago
- Tracker changed from Security to Bug
- Private changed from Yes to No
- Severity deleted (
MODERATE)
Actually, this is a bug, but not a security issue.
There is no unsigned overflow because we upgrade a u16 read on the network to u32
But there is still the bug that we do pointer arithmetic with something different than the u8 pkt buffer...
Updated by Philippe Antoine 10 months ago
- Target version changed from TBD to 8.0.0-beta1
Updated by Victor Julien 10 months ago
- Subject changed from decode/ppoe: Suspicious pointer scaling to decode/pppoe: Suspicious pointer scaling
@Philippe Antoine can you fix the title of the backport tickets?
Updated by Philippe Antoine 10 months ago
Victor Julien wrote in #note-9:
catenacyber can you fix the title of the backport tickets?
Had to look twice at the diff to see it :-p
Updated by Philippe Antoine 10 months ago
- Status changed from In Review to Resolved
Updated by Philippe Antoine 10 months ago
- Status changed from Resolved to Closed
Actions