Guy Harris 6fca58f5f9 CVE-2017-12996/PIMv2: Make sure PIM TLVs have the right length. ...

We do bounds checks based on the TLV length, so if the TLV's length is
too short, and we don't check for that, we could end up fetching data
past the end of the TLV - including past the length of the captured data
in the packet.

This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add tests using the capture files supplied by the reporter(s).

2017-09-13 12:25:44 +01:00

64 KiB

Raw History

View Raw