[Bug] Format string vulnerability in fix_ipv6_checksums() function #723

Closed
tin-z opened this issue Mar 28, 2022 · 1 comment

tin-z commented Mar 28, 2022

Describe the bug
Tcpreplay version 4.4.1 contains a memory leakage flaw, a CWE-134 vulnerability, in the fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. The inputs required to exploit the vulnerability are unknown.

```c
if (pkthdr->caplen == pkthdr->len) {
    int ip6_len = ipv6_header_length(ip6_hdr, pkthdr->len, l2len);
    if (ip6_hdr->ip_len < ip6_len) {
        /* The format names pkt, IP length and caplen,
         * but only two arguments follow it. */
        tcpedit_setwarn(tcpedit, "Unable to checksum IPv6 packet with invalid: pkt=" COUNTER_SPEC " IP length=%u caplen=" COUNTER_SPEC,
                        tcpedit->runtime.packetnum, ip6_hdr->ip_len);
        return TCPEDIT_WARN;
    }
```

Additional context
A patch was proposed in the following pull request: #720

@fklassen fklassen added this to To do in 4.4.2 Apr 22, 2022
@fklassen fklassen moved this from To do to In progress in 4.4.2 Aug 1, 2022
Member

fklassen commented Aug 1, 2022

Fixed in PR #720

@fklassen fklassen closed this as completed Aug 1, 2022
4.4.2 automation moved this from In progress to Done Aug 1, 2022
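
The mismatch reported in this issue can be checked mechanically by counting the arguments a printf-style format consumes and comparing that with what the call site passes. The following is an added example, not code from tcpreplay or from either commenter; `fmt_args_needed` and `call_is_consistent` are hypothetical helpers, and `COUNTER_SPEC` is defined here as `"%llu"` as an assumed stand-in for the project's macro.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: stand-in for tcpreplay's COUNTER_SPEC macro; its real
 * definition is not shown in the issue. */
#define COUNTER_SPEC "%llu"

/* Format string copied from the snippet in the issue. */
#define ISSUE_FMT "Unable to checksum IPv6 packet with invalid: pkt=" \
    COUNTER_SPEC " IP length=%u caplen=" COUNTER_SPEC

/* Number of variadic arguments a printf-style format consumes.
 * "%%" consumes none; a '*' width or precision consumes one int each.
 * Positional ("%1$u") forms are not handled. Returns -1 on a bad spec. */
int fmt_args_needed(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                       /* literal '%' */
        while (*p && strchr("-+ #0", *p)) p++;         /* flags */
        if (*p == '*') { n++; p++; }                   /* width from arg */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {                               /* precision */
            p++;
            if (*p == '*') { n++; p++; }
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlqjztL", *p)) p++;       /* length modifiers */
        if (!*p || !strchr("diouxXeEfFgGaAcspn", *p))
            return -1;                                 /* truncated/unknown */
        n++;                                           /* the conversion */
    }
    return n;
}

int call_is_consistent(const char *fmt, int supplied)
{
    return fmt_args_needed(fmt) == supplied;   /* 1 when counts match */
}

int main(void)
{
    /* The call in the issue passes packetnum and ip_len: two values. */
    printf("needed=%d supplied=2 consistent=%d\n",
           fmt_args_needed(ISSUE_FMT), call_is_consistent(ISSUE_FMT, 2));
}
```

GCC and Clang report this class of mismatch at compile time when the variadic function is declared with `__attribute__((format(printf, 2, 3)))` and the build uses `-Wformat`; whether tcpreplay's declaration carries that attribute is not shown here.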