There is a overflow vulnerability in function handle_prism while handle wifipacp's caplen.
void WifiPacket::handle_prism(const u_char *pc, size_t len)
{
....
cbs->HandlePrism( *this, &hdr, pc + 144, len - 144);
}
if the caplen < 144, we can cause a integer overflow vulnerability in function handle_80211, which will result in a out-of-bounds read and may allow access to sensitive memory(or just a ddos).
There is a overflow vulnerability in function
handle_prismwhile handle wifipacp's caplen.if the caplen < 144, we can cause a integer overflow vulnerability in function
handle_80211, which will result in a out-of-bounds read and may allow access to sensitive memory(or just a ddos).The text was updated successfully, but these errors were encountered: