[riot-devel] Buffer Overflow in ipv6_addr_from_str() fixed

Martine Lenders m.lenders at fu-berlin.de
Thu Apr 27 10:49:07 CEST 2017


Hi,
the maintainers of RIOT were made aware of a potential vulnerability in the
ipv6_addr module a few days back. An off-by-2 and off-by-4 error caused a
buffer overflow in ipv6_addr_from_str() allowing a potential attacker to
overwrite the return address of the surrounding frame. This occurred due to
an error in the transcript of the original version of this function by Paul
Vixie. With [1] and [2] this was fixed for current master and the upcoming
2017.04 release. If you are using older RIOT releases and can't change
right now, we highly recommend that you backport this fix.

Regards,
Martine

[1] https://github.com/RIOT-OS/RIOT/pull/6961
[2] https://github.com/RIOT-OS/RIOT/pull/6962
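
The message does not show the faulty lines, so the following is an added example, not RIOT's code and not the patches in [1] and [2]. It assumes the off-by-2 and off-by-4 refer to the two write sizes in a parser of this style, and shows the room checks needed before a 16-bit group (2 bytes) and an embedded IPv4 address (4 bytes) are stored in the 16-byte buffer. The names ipv6_parse, parse_v4 and hexval are hypothetical, and only the uncompressed text form (no "::") is handled.

```c
#include <stdint.h>
#include <string.h>
#define ADDR_LEN 16                 /* bytes in a binary IPv6 address */

static int hexval(char c)           /* value of a hex digit, or -1 */
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                      /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

static int parse_v4(const char *s, uint8_t *out)    /* strict dotted quad */
{
    for (int i = 0; i < 4; i++, s++) {
        unsigned v = 0, n = 0;
        for (; *s >= '0' && *s <= '9'; s++)
            if (++n > 3 || (v = v * 10 + (unsigned)(*s - '0')) > 255) return 0;
        if (n == 0 || *s != (i < 3 ? '.' : '\0')) return 0;
        out[i] = (uint8_t)v;
    }
    return 1;
}

/* Hypothetical parser, uncompressed form only; 1 on success, 0 on bad input. */
int ipv6_parse(const char *src, uint8_t dst[ADDR_LEN])
{
    uint8_t tmp[ADDR_LEN] = {0}, *tp = tmp, *const endp = tmp + ADDR_LEN;
    unsigned val = 0, seen = 0;     /* current group and its digit count */
    const char *tok = src;          /* start of the current group */
    for (;;) {
        char ch = *src++;
        int d = hexval(ch);
        if (d >= 0) {
            val = (val << 4) | (unsigned)d;
            if (++seen > 4) return 0;
        } else if ((ch == ':' || ch == '\0') && seen) {
            if (endp - tp < 2) return 0;        /* group needs 2 free bytes */
            *tp++ = (uint8_t)(val >> 8); *tp++ = (uint8_t)val;
            if (ch == '\0') break;
            val = seen = 0; tok = src;
        } else if (ch == '.' && endp - tp >= 4 && parse_v4(tok, tp)) {
            tp += 4;                            /* IPv4 tail needs 4 free bytes */
            break;
        } else return 0;
    }
    if (tp != endp) return 0;       /* exactly 16 bytes must have been written */
    memcpy(dst, tmp, ADDR_LEN);
    return 1;
}
```

The checks compare the remaining space (`endp - tp`) with the size about to be written, so no pointer past the end of the buffer is ever formed. A ninth group or an IPv4 tail after seven groups is rejected before any byte is stored.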