
List:       full-disclosure
Subject:    [FD] OpenBSD overflow
From:       Erg Noor <fuzzingrf () yandex ! ru>
Date:       2023-03-04 15:20:30
Message-ID: ae93356c-c2a5-ecbb-330f-f957b65bfef3 () yandex ! ru

Hi,


Fun OpenBSD bug.

ip_dooptions() will allow IPOPT_SSRR with optlen = 2.

save_rte() will set isr_nhops to a very large value, which will cause 
an overflow in the next ip_srcroute() call.


More info is here: https://github.com/fuzzingrf/openbsd_tcpip_overflow/


-erg
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
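
Added example, not part of the original post and not OpenBSD source: a small C model of why a source-route option with optlen = 2 has to be rejected before a hop count is derived from it. The hop-count formula, the function names and the sample bytes are assumptions made for illustration; the option layout follows RFC 791.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Option layout per RFC 791: type, length, pointer, then 4-byte addresses. */
#define OPT_SSRR   137 /* strict source and record route */
#define OPT_OLEN   1   /* index of the length byte */
#define OPT_OFFSET 2   /* index of the pointer byte */
#define OPT_MINOFF 4   /* smallest legal pointer value */
#define ADDR_LEN   4   /* bytes per IPv4 address */
#define MAX_HOPS   9   /* (40 option bytes - 3) / 4 */

/* Constructed samples: a 2-byte SSRR option, and one carrying a single hop. */
static const uint8_t short_opt[] = { OPT_SSRR, 2 };
static const uint8_t valid_opt[] = { OPT_SSRR, 7, 4, 192, 0, 2, 1 };

/* Assumed shape of an unchecked hop count: for olen < 3 the unsigned
 * subtraction wraps around instead of going negative. */
size_t nhops_unchecked(const uint8_t *opt)
{
    size_t olen = opt[OPT_OLEN];
    return (olen - OPT_OFFSET - 1) / ADDR_LEN;
}

/* Validated hop count; returns -1 for a malformed option.
 * avail is the number of option bytes remaining from opt onward. */
int nhops_checked(const uint8_t *opt, size_t avail)
{
    if (avail < 2)
        return -1;
    size_t olen = opt[OPT_OLEN];
    if (olen < OPT_OFFSET + 1 || olen > avail)  /* pointer byte must exist */
        return -1;
    if (opt[OPT_OFFSET] < OPT_MINOFF)
        return -1;
    size_t n = (olen - OPT_OFFSET - 1) / ADDR_LEN;
    return n > MAX_HOPS ? -1 : (int)n;
}

int main(void)
{
    printf("optlen=2 unchecked: %zu hops\n", nhops_unchecked(short_opt));
    printf("optlen=2 checked:   %d\n", nhops_checked(short_opt, sizeof short_opt));
    printf("optlen=7 checked:   %d\n", nhops_checked(valid_opt, sizeof valid_opt));
    return 0;
}
```

The minimum-length test (olen >= 3) is the check that matters here: without it, every later bound derived from the hop count is computed from a wrapped value.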