Please sign in to comment.
CVE-2017-13049/Rx: add a missing bounds check for Ubik
One of the case blocks in ubik_print() didn't check bounds before fetching 32 bits of packet data and could overread past the captured packet data by that amount. This fixes a buffer over-read discovered by Henri Salo from Nixu Corporation. Add a test using the capture file supplied by the reporter(s).
- Loading branch information...
Showing with 5 additions and 0 deletions.
|@@ -0,0 +1 @@|
|IP truncated-ip - 2598 bytes missing! 126.96.36.199.3503 > 188.8.131.52.7002: rx data pt ubik call disk-lock tid 50266112.32382 file 2122216448 pos 545160708 length 1087685554 [|ubik] (2632)|