If you have a build issue, consider downloading the latest release
Otherwise, to report a bug, please fill out the reproduction steps
(below) and delete these introductory paragraphs. Thanks!
Describe the bug
There is a heap-overflow bug in get_ipv6_next. Different from #718 (The crash point is in line 679, *((int*)((u_char *)exthdr + len))), this bug is triggered in line 713 (*((int*)((u_char *)exthdr + len)) > maxlen).
You are opening a bug report against the Tcpreplay project: we use
GitHub Issues for tracking bug reports and feature requests.
If you have a question about how to use Tcpreplay, you are at the wrong
site. You can ask a question on the tcpreplay-users mailing list
or on Stack Overflow with [tcpreplay] tag.
General help is available here.
If you have a build issue, consider downloading the latest release
Otherwise, to report a bug, please fill out the reproduction steps
(below) and delete these introductory paragraphs. Thanks!
Describe the bug
There is a heap-overflow bug in get_ipv6_next. Different from #718 (The crash point is in line 679,
*((int*)((u_char *)exthdr + len))), this bug is triggered in line 713 (*((int*)((u_char *)exthdr + len)) > maxlen).To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
The program does not crash.
Screenshots

System (please complete the following information):
Additional context
POC
poc.zip
The text was updated successfully, but these errors were encountered: