Miggo Logo
Miggo Vulnerability Database
GHSA-cf4g-fcf8-3cr9

GHSA-cf4g-fcf8-3cr9: `pnet_packet` buffer overrun in `set_payload` setters

6

CVSS Score
3.0

Basic Information

CVE ID
-
GHSA ID
GHSA-cf4g-fcf8-3cr9
EPSS Score
-
CWE
-
Published
2/9/2023
Updated
2/9/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
pnet_packetrust< 0.27.20.27.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability explicitly affects set_payload setters generated by the packet macro in pre-0.27.2 versions. While specific struct names aren't provided in the advisory, the core issue lies in the macro's code generation for mutable packet implementations. The PR #455 fix in the macro confirms that all set_payload methods generated by this macro were vulnerable to buffer overruns due to improper payload length handling. The high confidence comes from the direct correlation between the vulnerability description, the fix location, and the nature of macro-generated setters affecting multiple packet types uniformly.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*s in*i**t** *y t*is [issu*](*ttps://*it*u*.*om/li*pn*t/li*pn*t/issu*s/***#issu**omm*nt-*********), * *u***r ov*rrun is possi*l* in t** `s*t_p*ylo**` s*tt*r o* t** v*rious mut**l* "P**k*t" stru*t s*tt*rs. T** o***n*in* `s*t_p*ylo**` *un*tions w*r* **

Reasoning

T** vuln*r**ility *xpli*itly *****ts `s*t_p*ylo**` s*tt*rs **n*r*t** *y t** `p**k*t` m**ro in pr*-*.**.* v*rsions. W*il* sp**i*i* stru*t n*m*s *r*n't provi*** in t** **visory, t** *or* issu* li*s in t** m**ro's *o** **n*r*tion *or mut**l* p**k*t impl