-
Notifications
You must be signed in to change notification settings - Fork 268
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]heap buffer overflow in tcpprep with get_l2len() #617
Comments
The test logic on datalen was inverted. Processing truncated packats should now raise a warning like the following: Warning: <pcap> was captured using a snaplen of 4 bytes. This may mean you have truncated packets. Fixes appneta#616 appneta#617 Signed-off-by: Gabriel Ganne <[email protected]>
CVE-2020-24266 got assigned for this issue. |
Bug #617 CVE-2020-24266 fix tcpprep get_l2len()
Add safety and failure reporting for packet captures with caplen too small.
Add safety and failure reporting for packet captures with caplen too small.
From mail lists: Hi, The following vulnerability was published for tcpreplay. CVE-2020-24266[0]: If you fix the vulnerability please also make sure to include the For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-24266 Please adjust the affected versions in the BTS as needed. Regards, |
Describe the bug
A heap buffer overflow found in tcpprep with get_l2len().
ASAN report:
To Reproduce
Steps to reproduce the behavior:
poc_tcpprep_heap_buffer_overflow_get_l2len.tar.gz
Expected behavior
Get an a.cach at the path or exit when meet abnormal input.
System (please complete the following information):
OS: ubuntu-16.04.6 x86_64
Additional context
None.
The text was updated successfully, but these errors were encountered: