Please sign in to comment.
CVE-2017-13049/Rx: add a missing bounds check for Ubik
One of the case blocks in ubik_print() didn't check bounds before fetching 32 bits of packet data and could overread past the captured packet data by that amount. This fixes a buffer over-read discovered by Henri Salo from Nixu Corporation. Add a test using the capture file supplied by the reporter(s).
- Loading branch information
Showing with 5 additions and 0 deletions.
|@@ -0,0 +1 @@|
|IP truncated-ip - 2598 bytes missing! 184.108.40.206.3503 > 220.127.116.11.7002: rx data pt ubik call disk-lock tid 50266112.32382 file 2122216448 pos 545160708 length 1087685554 [|ubik] (2632)|
BIN +329 Bytes tests/rx_ubik-oobr.pcap
Binary file not shown.