Bug #6787
Closed
decode/pppoe: Suspicious pointer scaling
Description
pppoedt = pppoedt + (4 + tag_length);
looks like it can overflow on 32-bit systems.
Updated by Philippe Antoine 9 months ago
- Tracker changed from Security to Bug
- Private changed from Yes to No
- Severity deleted (MODERATE)
Actually, this is a bug, but not a security issue.
There is no unsigned overflow because we upgrade a u16 read on the network to u32.
But there is still the bug that we do pointer arithmetic with something different than the u8 pkt buffer...
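Added example, not part of the ticket or of the Suricata code base: a minimal C illustration of the pointer scaling discussed above, next to a byte-offset walk over the u8 buffer. The `tag_hdr` struct, the function names and the sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 4-byte tag header (type + length); an assumption for this example. */
struct tag_hdr {
    uint16_t type;
    uint16_t length;
} __attribute__((packed));

#define SAMPLE_LEN 18
/* Constructed sample: three tags with 2, 0 and 4 data bytes, zero-padded to 32. */
const uint8_t sample[32] = {
    0x01, 0x01, 0x00, 0x02, 'a', 'b',
    0x01, 0x02, 0x00, 0x00,
    0x01, 0x03, 0x00, 0x04, 'w', 'x', 'y', 'z',
};

/* Read a big-endian u16 from the byte buffer. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Bytes actually skipped when (4 + len) is added to a struct pointer:
 * C scales the step by sizeof(struct tag_hdr), so it is 4x too large. */
size_t step_scaled(const uint8_t *buf, uint16_t len)
{
    const struct tag_hdr *t = (const struct tag_hdr *)buf;
    const struct tag_hdr *next = t + (4 + len); /* the suspicious form */
    return (size_t)((const uint8_t *)next - buf);
}

/* Walk the tags with byte offsets on the u8 buffer and check bounds.
 * Returns the tag count, or -1 if a tag claims more data than remains. */
int count_tags(const uint8_t *buf, size_t buflen)
{
    size_t off = 0;
    int n = 0;
    while (buflen - off >= sizeof(struct tag_hdr)) {
        uint32_t len = rd16(buf + off + 2); /* u16 widened to u32 */
        if (len > buflen - off - sizeof(struct tag_hdr))
            return -1;
        off += sizeof(struct tag_hdr) + len; /* byte units, no scaling */
        n++;
    }
    return n;
}

int main(void)
{
    printf("scaled step: %zu bytes, intended: 6\n", step_scaled(sample, 2));
    printf("tags: %d\n", count_tags(sample, SAMPLE_LEN));
    return 0;
}
```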
Updated by Philippe Antoine 8 months ago
- Target version changed from TBD to 8.0.0-beta1
Updated by Victor Julien 8 months ago
- Subject changed from decode/ppoe: Suspicious pointer scaling to decode/pppoe: Suspicious pointer scaling
@Philippe Antoine can you fix the title of the backport tickets?
Updated by Philippe Antoine 8 months ago
Victor Julien wrote in #note-9:
catenacyber can you fix the title of the backport tickets?
Had to look twice at the diff to see it :-p
Updated by Philippe Antoine 8 months ago
- Status changed from In Review to Resolved
Updated by Philippe Antoine 8 months ago
- Status changed from Resolved to Closed