CVE-2017-13027/LLDP: Fix a bounds check.
The total length of the OID is the OID length plus the length of the OID length itself. This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin. Add a test using the capture file supplied by the reporter(s), modified so the capture file won't be rejected as an invalid capture.
Showing with 10 additions and 1 deletion.
|@@ -0,0 +1,8 @@|
|LLDP, length 1048572|
|Management Address TLV (8), length 15|
|Management Address length 6, AFI Reserved (0), no AF printer !|
|Unknown Interface Numbering (10): 666137427|
|00:00:00:a0:d4:c3 > 06:04:e8:03:00:02, ethertype Unknown (0xb2a1), length 58785857:|
|0x0000: 0200 efff e5ff 804f 006e 0026 0000 0000 .......O.n.&....|
|0x0010: 01 .|
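Review bot: nothing in this expected output mentions an OID or a truncation; the LLDP record simply ends at "Unknown Interface Numbering (10): 666137427", so a reader cannot tell from the test alone that the OID length path described in the commit message is the one being exercised. Consider noting in the commit message or next to the test entry which output line reflects the corrected check. The printed frame lengths (1048572 and 58785857) are also far larger than the 118-byte capture file, so it would help to state that these values are expected for the malformed capture rather than a sign of a stale or mismatched output file.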
BIN +118 Bytes tests/lldp_mgmt_addr_tlv_asan.pcap
Binary file not shown.