diff options
author | Michael Roth <mdroth@linux.vnet.ibm.com> | 2019-09-24 12:18:07 -0500 |
---|---|---|
committer | Michael Roth <mdroth@linux.vnet.ibm.com> | 2019-10-01 17:00:56 -0500 |
commit | 9efdbc0224a0edb05e109ad8e1f127b5ac004191 (patch) | |
tree | 59bb752a81ef735516ad8e71b2b5a4edb4e20481 /libdecnumber | |
parent | 28c1dde9aa2a22724f81134035959d1a33a57690 (diff) |
slrip: ip_reass: Fix use after free
Using ip_deq after m_free might read pointers from an allocation reuse.
This would be difficult to exploit, but that is still related with
CVE-2019-14378 which generates fragmented IP packets that would trigger this
issue and at least produce a DoS.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
(from libslirp.git commit c59279437eda91841b9d26079c70b8a540d41204)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Diffstat (limited to 'libdecnumber')
0 files changed, 0 insertions, 0 deletions