Decompressor: crash caused by malformed (too short) IR and IR-DYN packets
Bug #1090069 reported by
Didier Barvaux
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
rohc | Status tracked in Rohc-main | |||||
1.3.x |
Invalid
|
Undecided
|
Didier Barvaux | |||
1.4.x |
Invalid
|
Undecided
|
Didier Barvaux | |||
Rohc-1.5.x |
Fix Released
|
Critical
|
Didier Barvaux | |||
Rohc-main |
Fix Released
|
Critical
|
Didier Barvaux |
Bug Description
When parsing malformed IR and IR-DYN packets that are too short, the decompressor may crash because it does not properly check for the packet length before accessing data.
To post a comment you must log in.
Confirmed on main branch.