An issue was discovered in FNET through 4.6.4. The code...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Oct 21, 2023
Description
Published by the National Vulnerability Database
Dec 11, 2020
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Oct 21, 2023
An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in _fnet_ip6_ext_header_handler_options in fnet_ip6.c, leading to Denial-of-Service.
References