Skip to content

Commit cc4a739

Browse files
guyharrisinfrastation
authored andcommitted
CVE-2017-13006/L2TP: Check whether an AVP's content exceeds the AVP length.
It's not good enough to check whether all the data specified by the AVP length was captured - you also have to check whether that length is large enough for all the required data in the AVP. This fixes a buffer over-read discovered by Yannick Formaggio. Add a test using the capture file supplied by the reporter(s).
1 parent 4e430c6 commit cc4a739

File tree

4 files changed

+219
-46
lines changed

4 files changed

+219
-46
lines changed

0 commit comments

Comments
 (0)