[riot-users] Buffer Overflow in ipv6_addr_from_str() fixed

Martine Lenders mlenders at inf.fu-berlin.de
Thu Apr 27 14:26:33 CEST 2017

the maintainers of RIOT were made aware of a potential vulnerability in the
ipv6_addr module a few days back. An off-by-2 and off-by-4 error caused a
buffer overflow in ipv6_addr_from_str() allowing a potential attacker to
overwrite the return address of the surrounding frame. This occured due to
an error in the transcript of the original version of this function by Paul
Vixie. With [1] and [2] this was fixed for current master and the upcoming
2017.04 release. If you are using older RIOT releases and can't change
right now, we highly recommend you to backport this fix.


[1] https://github.com/RIOT-OS/RIOT/pull/6961
[2] https://github.com/RIOT-OS/RIOT/pull/6962
-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <http://lists.riot-os.org/pipermail/users/attachments/20170427/f604292b/attachment.html>

More information about the users mailing list