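Nmap Development: Fix out-of-bounds reads in packet parsing (PR #2954)
A developer submitted a pull request (#2954) containing three fixes: it addresses out-of-bounds reads in HopByHopHeader::validate and PacketParser::split and adds AFL test code. The issues were found during a Hackathon at NCC Group; although they have no security impact, the developer hopes they can be fixed soon. 2025-5-15 08:15:59 Author: seclists.org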


Nmap Development mailing list archives


From: Domen Puncer Kugler via dev <dev () nmap org>
Date: Tue, 14 Jan 2025 11:19:15 +0000

Hi,

I submitted a pull request a few months ago:
https://github.com/nmap/nmap/pull/2954

The PR includes the following three commits:
- Fix out of bounds read in HopByHopHeader::validate
- Fix out of bounds read in PacketParser::split
- Add AFL test code for PacketParser

This was found as a part of a short Hackathon at NCC Group.
As far as I can tell, there is no security impact, but it would still be nice 
to see this fixed.

Kind regards


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/


Source: https://seclists.org/nmap-dev/2025/q1/7