subject:"\[Qemu\-devel\] \[PULL 2\/2\] slirp\: check len against dhcp options array end"

Re: [Qemu-devel] [PULL 2/2] slirp: check len against dhcp options array end

2017-08-02 Thread Samuel Thibault

Samuel Thibault, on jeu. 03 août 2017 00:26:07 +0200, wrote: > From: Prasad J Pandit > > While parsing dhcp options string in 'dhcp_decode', if an options' > length 'len' appeared towards the end of 'bp_vend' array, ensuing > read could lead to an OOB memory access issue.

[Qemu-devel] [PULL 2/2] slirp: check len against dhcp options array end

2017-08-02 Thread Samuel Thibault

From: Prasad J Pandit While parsing dhcp options string in 'dhcp_decode', if an options' length 'len' appeared towards the end of 'bp_vend' array, ensuing read could lead to an OOB memory access issue. Add check to avoid it. This is CVE-2017-11434. Reported-by: Reno

[Qemu-devel] [PULL 2/2] slirp: check len against dhcp options array end

2017-08-02 Thread Samuel Thibault

From: Prasad J Pandit While parsing dhcp options string in 'dhcp_decode', if an options' length 'len' appeared towards the end of 'bp_vend' array, ensuing read could lead to an OOB memory access issue. Add check to avoid it. Reported-by: Reno Robert

Re: [Qemu-devel] [PULL 2/2] slirp: check len against dhcp options array end

[Qemu-devel] [PULL 2/2] slirp: check len against dhcp options array end

[Qemu-devel] [PULL 2/2] slirp: check len against dhcp options array end

3 matches

Site Navigation

Mail list logo

Footer information