Please sign in to comment.
CVE-2017-13054/LLDP: add a missing length check
In lldp_private_8023_print() the case block for subtype 4 (Maximum Frame Size TLV, IEEE 802.3bc-2009 Section 79.3.4) did not include the length check and could over-read the input buffer, put it right. This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin. Add a test using the capture file supplied by the reporter(s).
- Loading branch information...
Showing with 8 additions and 0 deletions.
|@@ -0,0 +1,4 @@|
|LLDP, length 4293194266|
|Organization specific TLV (127), length 4: OUI IEEE 802.3 Private (0x00120f)|
|Max frame size Subtype (4)|
BIN +147 Bytes tests/lldp_8023_mtu-oobr.pcap
Binary file not shown.