We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Context:
Stack buffer overflow may be triggered while writing to a variable metric_len, which is defined as unsigned short (ref: https://github.com/openthread/wpantund/blob/master/src/ncp-spinel/SpinelNCPInstance.cpp#L2180) but is considered as unsigned int (ref: https://github.com/openthread/wpantund/blob/master/third_party/openthread/src/ncp/spinel.c#L597).
Expected behavior and actual behavior:
Expected Behavior: Trigger an exception, because size of buffer needed, is not available.
Actual Behavior: The metric_len variable triggers stack buffer overflow.
Version Details:
The issue was first found in wpantund: 4ae4619
Affected commits: 4ae4619 to bf45115
CVE
CVE-2021-33889 (Reserved)
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Context:
Stack buffer overflow may be triggered while writing to a variable metric_len, which is defined as unsigned short (ref: https://github.com/openthread/wpantund/blob/master/src/ncp-spinel/SpinelNCPInstance.cpp#L2180) but is considered as unsigned int (ref: https://github.com/openthread/wpantund/blob/master/third_party/openthread/src/ncp/spinel.c#L597).
Expected behavior and actual behavior:
Expected Behavior: Trigger an exception, because size of buffer needed, is not available.
Actual Behavior: The metric_len variable triggers stack buffer overflow.
Version Details:
The issue was first found in wpantund: 4ae4619
Affected commits: 4ae4619 to bf45115
CVE
CVE-2021-33889 (Reserved)
The text was updated successfully, but these errors were encountered: