[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] OpenBSD overflow

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] OpenBSD overflow
From: Erg Noor <fuzzingrf@xxxxxxxxx>
Date: Sat, 4 Mar 2023 18:20:30 +0300

Hi,


Fun OpenBSD bug.

ip_dooptions() will allow IPOPT_SSRR with optlen = 2.

save_rte() will set isr_nhops to very large value, which will causeoverflow in next ip_srcroute() call.



More info is here https://github.com/fuzzingrf/openbsd_tcpip_overflow/


-erg
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Prev by Date: [FD] SEC Consult SA-20230228-0 :: OS Command Injectionin Barracuda CloudGen WAN
Next by Date: [FD] SEC Consult SA-20230306-0 :: Multiple Vulnerabilities in Arris DG3450 Cable Gateway
Previous by thread: [FD] SEC Consult SA-20230228-0 :: OS Command Injectionin Barracuda CloudGen WAN
Next by thread: [FD] SEC Consult SA-20230306-0 :: Multiple Vulnerabilities in Arris DG3450 Cable Gateway
Index(es):
- Date
- Thread