Headline
CVE-2018-14468: (for 4.9.3) CVE-2018-14468/FRF.16: Add a missing length check. · the-tcpdump-group/tcpdump@aa3e54f
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
Commit
(for 4.9.3) CVE-2018-14468/FRF.16: Add a missing length check.
The specification says in a well-formed Magic Number information element the data is exactly 4 bytes long. In mfr_print() check this before trying to read those 4 bytes.
This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin.
Add a test using the capture file supplied by the reporter(s).
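The check described in the commit message, as an added example that is not tcpdump's code: a walker over type/length/data elements that refuses a Magic Number element whose data is not exactly 4 bytes before reading it. The layout (1-byte type, 1-byte data length), the type code 3, all names, and the sample buffers are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IE_MAGIC_NUM   3  /* assumed type code, for this example only */
#define MAGIC_DATA_LEN 4  /* per the commit message: exactly 4 data bytes */

enum { IE_OK = 0, IE_TRUNCATED = -1, IE_BAD_LENGTH = -2, IE_NOT_FOUND = -3 };

/* Constructed sample buffers (not taken from the reporter's capture). */
static const uint8_t ie_good[]  = { 1, 1, 0xAA, 3, 4, 0xDE, 0xAD, 0xBE, 0xEF };
static const uint8_t ie_short[] = { 3, 2, 0x12, 0x34 };  /* declares 2 data bytes */
static const uint8_t ie_cut[]   = { 3, 4, 0xDE, 0xAD };  /* capture ends early */

/* Walk the elements and return the first Magic Number through *magic. */
static int find_magic(const uint8_t *buf, size_t caplen, uint32_t *magic)
{
    size_t off = 0;

    while (off < caplen) {
        if (caplen - off < 2)
            return IE_TRUNCATED;          /* header itself is cut short */
        uint8_t type = buf[off], dlen = buf[off + 1];
        off += 2;
        if (dlen > caplen - off)
            return IE_TRUNCATED;          /* declared data runs past the capture */
        if (type == IE_MAGIC_NUM) {
            if (dlen != MAGIC_DATA_LEN)
                return IE_BAD_LENGTH;     /* refuse before reading 4 bytes */
            *magic = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
                     ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
            return IE_OK;
        }
        off += dlen;                      /* skip an element we do not decode */
    }
    return IE_NOT_FOUND;
}

int main(void)
{
    uint32_t m = 0;
    int rc = find_magic(ie_good, sizeof ie_good, &m);
    printf("good: rc=%d magic=0x%08x\n", rc, (unsigned)m);
    printf("short: rc=%d\n", find_magic(ie_short, sizeof ie_short, &m));
    printf("cut: rc=%d\n", find_magic(ie_cut, sizeof ie_cut, &m));
    return 0;
}
```

The `ie_short` case is the one the commit message is about: the element fits inside the buffer, so only the exact-length comparison stops a 4-byte read of 2 bytes of data.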