
[Bug] Format string vulnerability in fix_ipv6_checksums() function #723

Closed
@tin-z

Description

Describe the bug
Tcpreplay version 4.4.1 contains a memory leakage flaw, a CWE-134 vulnerability in the fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. The inputs required to exploit the vulnerability are unknown.

    if (pkthdr->caplen == pkthdr->len) {
        int ip6_len = ipv6_header_length(ip6_hdr, pkthdr->len, l2len);
        if (ip6_hdr->ip_len < ip6_len) {
            tcpedit_setwarn(tcpedit, "Unable to checksum IPv6 packet with invalid: pkt=" COUNTER_SPEC " IP length=%u caplen=" COUNTER_SPEC,
                            tcpedit->runtime.packetnum, ip6_hdr->ip_len);
            return TCPEDIT_WARN;
        }

Additional context
A patch was proposed in the following pull request: #720
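
The mismatch in the quoted call can be checked mechanically. The following is an added example, not code from the issue or from the Tcpreplay source: it counts the arguments a printf-style format consumes and compares that with the two arguments the call passes. It assumes `COUNTER_SPEC` expands to `"%" PRIu64`; `ISSUE_FMT`, `fmt_arg_count` and `fmt_args_mismatch` are hypothetical names.

```c
#include <inttypes.h>
#include <string.h>

/* Assumption: COUNTER_SPEC expands to a 64-bit unsigned conversion. */
#define COUNTER_SPEC "%" PRIu64

/* Format string copied from the call quoted in the issue. */
static const char ISSUE_FMT[] =
    "Unable to checksum IPv6 packet with invalid: pkt=" COUNTER_SPEC
    " IP length=%u caplen=" COUNTER_SPEC;

/* Count the variadic arguments a printf-style format consumes.
 * Returns -1 if the format ends in the middle of a conversion. */
int fmt_arg_count(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                         /* "%%" consumes nothing */
        while (*p && strchr("-+ #0", *p))     /* flags */
            p++;
        if (*p == '*') { n++; p++; }          /* width read from an argument */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {
            p++;
            if (*p == '*') { n++; p++; }      /* precision read from an argument */
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlqjztL", *p))   /* length modifiers */
            p++;
        if (*p == '\0')
            return -1;                        /* truncated conversion */
        n++;                                  /* the conversion itself */
    }
    return n;
}

/* Hypothetical helper: nonzero when a call site passes the wrong count. */
int fmt_args_mismatch(const char *fmt, int supplied)
{
    return fmt_arg_count(fmt) != supplied;
}
```

GCC and Clang report the same mismatch at compile time under `-Wformat` when the variadic function is declared with a `format(printf, ...)` attribute.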
