[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #60714] SNMPv3: Buffer overflow in usmusertable_get_ne

From: Tim Schendekehl
Subject: [lwip-devel] [bug #60714] SNMPv3: Buffer overflow in usmusertable_get_next_instance
Date: Tue, 1 Jun 2021 05:20:44 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0


                 Summary: SNMPv3: Buffer overflow in
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: timschendekehl
            Submitted on: Tue 01 Jun 2021 09:20:42 AM UTC
                Category: apps
                Severity: 3 - Normal
              Item Group: Crash Error
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head



Function usmusertable_get_next_instance in src/apps/snmp/snmp_snmpv2_usm.c
constructs an OID, which contains the engine ID and the username. Since engine
ID and username can be 32 bytes long and the lengths are also stored in the
OID, the resulting OID can be up to 1 + 32 + 1 + 32 = 66 elements long. The
generated OID is stored in the local buffer test_oid, which has only 32
elements. For long engine ID or username this can result in a buffer overflow.


Reply to this item at:


  Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]