Skip to content

Commit

Permalink
Add advisory for pnet_packet (#1595)
Browse files Browse the repository at this point in the history 
Co-authored-by: sidunder <sidunder@users.noreply.github.com>
  • Loading branch information
@sidunder
sidunder and sidunder committed Feb 9, 2023
1 parent b485cf4 commit 516ebee
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions crates/pnet_packet/RUSTSEC-0000-0000.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "pnet_packet"
date = "2020-06-19"
url = "https://github.com/libpnet/libpnet/issues/449"
categories = ["memory-corruption"]
cvss = "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"

[versions]
patched = [">= 0.27.2"]
```

# `pnet_packet` buffer overrun in `set_payload` setters

As indicated by this [issue](https://github.com/libpnet/libpnet/issues/449#issuecomment-663355987), a buffer overrun is possible in the `set_payload` setter of the various mutable "Packet" struct setters. The offending `set_payload` functions were defined within the struct `impl` blocks in earlier versions of the package, and later by the `packet` macro.

Fixed in the `packet` macro by [this](https://github.com/libpnet/libpnet/pull/455) PR.

0 comments on commit 516ebee

Please sign in to comment.