[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #60714] SNMPv3: Buffer overflow in usmusertable_get_ne
|
From: |
Tim Schendekehl |
|
Subject: |
[lwip-devel] [bug #60714] SNMPv3: Buffer overflow in usmusertable_get_next_instance |
|
Date: |
Tue, 1 Jun 2021 05:20:44 -0400 (EDT) |
|
User-agent: |
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0 |
URL:
<https://savannah.nongnu.org/bugs/?60714>
Summary: SNMPv3: Buffer overflow in
usmusertable_get_next_instance
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: timschendekehl
Submitted on: Tue 01 Jun 2021 09:20:42 AM UTC
Category: apps
Severity: 3 - Normal
Item Group: Crash Error
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: git head
_______________________________________________________
Details:
Function usmusertable_get_next_instance in src/apps/snmp/snmp_snmpv2_usm.c
constructs an OID, which contains the engine ID and the username. Since engine
ID and username can be 32 bytes long and the lengths are also stored in the
OID, the resulting OID can be up to 1 + 32 + 1 + 32 = 66 elements long. The
generated OID is stored in the local buffer test_oid, which has only 32
elements. For long engine ID or username this can result in a buffer overflow.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/bugs/?60714>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [lwip-devel] [bug #60714] SNMPv3: Buffer overflow in usmusertable_get_next_instance,
Tim Schendekehl <=