Re: Fwd: [scr1564375] your CVE ID requests
On Tue, Dec 26, 2023 at 08:07:20AM +0300, sploitem wrote:

> -- Forwarded message -
> From:
> Date: Tue, Dec 19, 2023 at 20:39
> Subject: Re: [scr1564375] your CVE ID requests
> To:
> Cc:
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> > [Suggested description]
> > Integer underflow in ipv6 net component when processing incoming packets.
> udp->udp_len is not verified before subtraction leading to large number in
> len parameter (unsigned int). This can lead to DoS or code execution.

Would you please submit a patch to address the issue as well? Thanks.

--
Tom
Fwd: [scr1564375] your CVE ID requests
-- Forwarded message -
From:
Date: Tue, Dec 19, 2023 at 20:39
Subject: Re: [scr1564375] your CVE ID requests
To:
Cc:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

> [Suggested description]
> Integer underflow in ipv6 net component when processing incoming packets. udp->udp_len is not verified before subtraction leading to large number in len parameter (unsigned int). This can lead to DoS or code execution.
>
> --
>
> [Vulnerability Type]
> Integer Overflow
>
> --
>
> [Vendor of Product]
> U-Boot
>
> --
>
> [Affected Product Code Base]
> U-boot - <= v2024.01-rc3
>
> --
>
> [Affected Component]
> u-boot/net/net6.c
>
> --
>
> [Attack Type]
> Remote
>
> --
>
> [Impact Code execution]
> true
>
> --
>
> [Impact Denial of Service]
> true
>
> --
>
> [Attack Vectors]
> Crafted ipv6 udp packet.
>
> --
>
> [Reference]
> https://github.com/u-boot/u-boot/blob/master/net/net6.c#L442C18-L442C18
>
> --
>
> [Discoverer]
> sploitem

This request did not receive a CVE ID assignment as CVEs are not assigned to Release Candidate (rc) versions of products.
- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  https://cve.mitre.org/cve/request_id.html ]
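
The class of length bug described in the request above, as an added illustration that is not code from U-Boot or from the reporter: a 16-bit `udp_len` smaller than the 8-byte UDP header wraps to a huge value when the header size is subtracted as `unsigned int`, and a checked variant rejects it. The struct layout, function names and sample values are constructed for this example.

```c
/* Added illustration; not U-Boot code. All names here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UDP_HDR_SIZE 8u

/* Constructed header layout; fields assumed already in host byte order. */
struct udp_hdr {
    uint16_t udp_src;
    uint16_t udp_dst;
    uint16_t udp_len;   /* header + payload, taken from the packet */
    uint16_t udp_xsum;
};

/* Unchecked form: any udp_len below 8 wraps to a value near UINT_MAX. */
unsigned int payload_len_unchecked(const struct udp_hdr *udp)
{
    return (unsigned int)udp->udp_len - UDP_HDR_SIZE;
}

/*
 * Checked form: returns 0 and stores the payload length in *out only when
 * udp_len covers the header and fits in the bytes actually received
 * (avail = bytes from the start of the UDP header to the end of the frame).
 */
int payload_len_checked(const struct udp_hdr *udp, size_t avail,
                        unsigned int *out)
{
    if (avail < UDP_HDR_SIZE)
        return -1;                      /* truncated header */
    if (udp->udp_len < UDP_HDR_SIZE)
        return -1;                      /* subtraction would underflow */
    if ((size_t)udp->udp_len > avail)
        return -1;                      /* claims more than was received */
    *out = udp->udp_len - UDP_HDR_SIZE;
    return 0;
}

int main(void)
{
    struct udp_hdr bad = { 1234, 5678, 4, 0 };  /* constructed: udp_len = 4 */
    unsigned int len = 0;

    printf("unchecked: %u\n", payload_len_unchecked(&bad));
    printf("checked:   %d\n", payload_len_checked(&bad, 64, &len));
    return 0;
}
```
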