https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7880
Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |darkjames-ws@xxxxxxxxxxxx
--- Comment #2 from Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> 2012-10-22 01:34:56 PDT ---
Packet #20961, dissect_iphc_crtp_fh:
(gdb) print ip_hdr_len
$1 = 56
(gdb) print length
$2 = 61
ip_packet = tvb_memdup(tvb, 0, length);
...
ip_packet[ip_hdr_len + 5] = (length - ip_hdr_len); <--- ip_hdr_len + 5 >=
length
buffer overflow.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
