Full Disclosure mailing list archives
OpenBSD overflow
From: Erg Noor <fuzzingrf () yandex ru>
Date: Sat, 4 Mar 2023 18:20:30 +0300
Hi, Fun OpenBSD bug. ip_dooptions() will allow IPOPT_SSRR with optlen = 2.save_rte() will set isr_nhops to very large value, which will cause overflow in next ip_srcroute() call.
More info is here https://github.com/fuzzingrf/openbsd_tcpip_overflow/ -erg _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- OpenBSD overflow Erg Noor (Mar 06)