openthread / wpantund

Wireless Network Interface Daemon for Low-Power Wireless SoCs
Apache License 2.0

stack-buffer-overflow in metric_len #502

Open nandedkarhrishi opened 3 years ago

nandedkarhrishi commented 3 years ago

Context:

A stack buffer overflow may be triggered while writing to the variable metric_len, which is defined as unsigned short (ref: https://github.com/openthread/wpantund/blob/master/src/ncp-spinel/SpinelNCPInstance.cpp#L2180) but is considered as unsigned int (ref: https://github.com/openthread/wpantund/blob/master/third_party/openthread/src/ncp/spinel.c#L597).

Expected behavior and actual behavior:

Expected Behavior: Trigger an exception, because the size of buffer needed is not available.

Actual Behavior: The metric_len variable triggers a stack buffer overflow.

Version Details:

The issue was first found in wpantund: 4ae4619d7db67db8f316507ceb91879221da0c42

Affected commits: 4ae4619d7db67db8f316507ceb91879221da0c42 to bf45115f41ba2b8029eda174be2b93dea73b9261

CVE

CVE-2021-33889 (Reserved)
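
The width mismatch reported above, as an added example that is not code from wpantund or OpenThread: a varargs unpacker stores a full `unsigned int` through whatever pointer it is given, so a caller that hands it a 2-byte slot has the adjacent bytes overwritten. `toy_unpack_len`, `count_clobbered_neighbours` and `unpack_len_checked` are hypothetical names, the input bytes are constructed, and the code assumes a 2-byte `unsigned short` and a 32-bit or 64-bit `unsigned int`.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a varargs unpacker (not spinel's API): it decodes
 * a 4-byte little-endian length and always stores a full unsigned int. */
static void toy_unpack_len(const uint8_t *in, ...)
{
    va_list ap;
    va_start(ap, in);
    void *dst = va_arg(ap, void *);   /* callee cannot see the caller's real type */
    unsigned int len = in[0] | (in[1] << 8) | ((unsigned int)in[2] << 16)
                     | ((unsigned int)in[3] << 24);
    memcpy(dst, &len, sizeof len);    /* writes sizeof(unsigned int) bytes */
    va_end(ap);
}

/* Models a frame as bytes: [0..1] is the caller's "unsigned short" slot, the
 * rest are neighbours. Returns how many neighbour bytes the write changed. */
static int count_clobbered_neighbours(void)
{
    static const uint8_t wire[4] = {0x05, 0x00, 0x00, 0x00}; /* constructed input */
    uint8_t frame[8];
    int changed = 0;
    memset(frame, 0xAA, sizeof frame);
    toy_unpack_len(wire, (void *)frame);
    for (size_t i = sizeof(unsigned short); i < sizeof frame; i++)
        changed += (frame[i] != 0xAA);
    return changed;
}

/* Corrected caller: receive into the width the callee writes, then range-check
 * before narrowing. Returns 0 on success, -1 if the value does not fit. */
static int unpack_len_checked(const uint8_t *in, uint16_t *out)
{
    unsigned int tmp = 0;
    toy_unpack_len(in, (void *)&tmp);
    if (tmp > UINT16_MAX) return -1;  /* would not fit in 16 bits */
    *out = (uint16_t)tmp;
    return 0;
}

int main(void)
{
    uint16_t len = 0;
    int rc = unpack_len_checked((const uint8_t[]){5, 0, 0, 0}, &len);
    printf("clobbered=%d rc=%d len=%u\n", count_clobbered_neighbours(), rc, len);
    return 0;
}
```

Compilers cannot diagnose this mismatch at the call site because variadic arguments carry no type information, which is why the receiving variable's declared type has to be checked by hand against what the callee writes.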