An exploitable incorrect return value vulnerability...
High severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Dec 23, 2016
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Jan 29, 2023
An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability.
References