CVE-2017-11108/Fix bounds checking for STP.
Check whether the flags are in the captured data before printing them in an MSTP BPDU.

Check whether V4 length is in the captured data before fetching it.

This fixes a vulnerability discovered by Kamil Frankowicz.

Include a test for the "check whether the V4 length is..." fix, using the capture supplied by Kamil Frankowicz.
Showing with 4 additions and 0 deletions.
|@@ -0,0 +1 @@|
|STP 802.1aq, Rapid STP, CIST Flags [Learn, Forward], length 808464415[|stp 808464415]|
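Review bot: the single expected-output line in this hunk only covers the V4-length check (the CIST flags are printed in full and the line ends in the truncation marker `[|stp 808464415]`), so the other check named in the commit message, that the flags are in the captured data before they are printed in an MSTP BPDU, has no regression test. Consider adding a second capture that is cut off before the flags field, with its own expected-output file, so both bounds checks are pinned. It would also help to say in the commit message that the reported length 808464415 is far larger than the 324-byte capture, since that mismatch is what the test relies on to reach the truncation path.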
BIN +324 Bytes tests/stp-v4-length-sigsegv.pcap
Binary file not shown.