-
Notifications
You must be signed in to change notification settings - Fork 841
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CVE-2016-7923/Don't assume the target hardware address is <= 6 octets…
… long. It might not be, either because an unusual hardware type is using ARP or because a maliciously-constructed packet was sent. Instead of comparing against a 6-octet string of zeros with memcmp(), check each octet of the address against 0. Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.
- Loading branch information
Showing
4 changed files
with
14 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
ARP, Unknown Hardware (12336) (len 14), IPv4 (len 4), Request who-has 48.48.48.48 (30:30:30:30:30:30:30:30:30:30:30:30:30:30) tell 48.48.48.48, length 808464414 |
Binary file not shown.