Closed lstipakov closed 4 months ago
Following code:
    unsigned int fullLength;
    <..>
    fullLength = PacketLength + PrefixLength;
could cause integer overflow, which will result in allocation of smaller size of memory, which later causes buffer overflow and a bug check.
Fix by checking the overflow condition and failing the IRP in case of overflow.
CVE: 2024-1305
Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
Looks good to me. ACK.
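The overflow condition described in the pull request, as an added example that is not the driver's actual patch: it shows the unchecked sum wrapping and a pre-addition check that rejects the request. The function names, the -1 return convention (standing in for failing the IRP) and the sample values are assumptions.

```c
#include <limits.h>
#include <stdio.h>

/* Unchecked form from the description: unsigned addition wraps modulo 2^N,
 * so a huge PacketLength yields a tiny fullLength and an undersized buffer. */
static unsigned int unchecked_full_length(unsigned int PacketLength,
                                          unsigned int PrefixLength)
{
    return PacketLength + PrefixLength;
}

/* Checked form (hypothetical helper): returns 0 and stores the sum, or -1
 * if the sum would wrap. The comparison happens before the addition, so a
 * wrapped value is never produced or used as an allocation size. */
static int checked_full_length(unsigned int PacketLength,
                               unsigned int PrefixLength,
                               unsigned int *fullLength)
{
    if (PacketLength > UINT_MAX - PrefixLength)
        return -1;   /* caller fails the request instead of allocating */
    *fullLength = PacketLength + PrefixLength;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the driver. */
    const unsigned int prefix = 14;
    const unsigned int lengths[] = { 1500, UINT_MAX - 14, UINT_MAX - 13, UINT_MAX };

    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        unsigned int full = 0;
        int rc = checked_full_length(lengths[i], prefix, &full);
        printf("packet=%u unchecked=%u checked=%s\n", lengths[i],
               unchecked_full_length(lengths[i], prefix),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```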