huntr Unknown 8DA19456-4D89-41EF-9781-A41EFD6A1877
History Nov 07, 2021 - 7:27 p.m.

in v2fly/v2ray-core

2021-11-07 19:27:13
Unknown
www.huntr.dev
8
v2ray-core
off-by-one index
out-of-bounds read
array indexing

EPSS

0.002

Percentile

56.6%

Description

Good afternoon. While looking at your code, we discovered an off-by-one index comparison against length that may lead to an out-of-bounds read flaw in your v2ray-core repository. Indexing operations on arrays, slices or strings should use an index at most one less than the length. If the index to be accessed is checked for being less than or equal to the length (<=), instead of less than the length (<), the index could be out of bounds.

Proof of Concept

Please review lines 140-144 of proxy/vmess/encoding/commands.go, most specifically line 142.

cmd.Level = uint32(data[levelStart])
timeStart := levelStart + 1
if len(data) < timeStart {
	return nil, newError("insufficient length.")
}

Impact

This vulnerability is capable of an out of bounds read.
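The boundary case behind this report, as an added example that is not code from v2ray-core: the comparison quoted above is kept in `parseWeak`, next to a corrected check in `parseStrict`. The function names, the `errShort` value, the sample byte slices and the read of `data[timeStart]` after the check are assumptions made for illustration. In Go an out-of-range index stops with a runtime panic, which `parseWeak` recovers so the two results can be compared.

```go
package main

import (
	"errors"
	"fmt"
)

var errShort = errors.New("insufficient length.")

// parseWeak keeps the comparison quoted in the report (len(data) < timeStart).
// The read of data[timeStart] afterwards is an assumption for illustration.
func parseWeak(data []byte, levelStart int) (level uint32, next byte, err error) {
	defer func() { // turn the runtime bounds-check panic into an error
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	level = uint32(data[levelStart])
	timeStart := levelStart + 1
	if len(data) < timeStart { // len(data) == timeStart slips through
		return 0, 0, errShort
	}
	return level, data[timeStart], nil
}

// parseStrict validates before any read: index timeStart needs len(data) > timeStart.
func parseStrict(data []byte, levelStart int) (uint32, byte, error) {
	timeStart := levelStart + 1
	if levelStart < 0 || len(data) <= timeStart {
		return 0, 0, errShort
	}
	return uint32(data[levelStart]), data[timeStart], nil
}

func main() {
	boundary := []byte{0x01, 0x02, 0x03}   // constructed: len == timeStart
	full := []byte{0x01, 0x02, 0x03, 0x04} // constructed: one byte past timeStart
	for _, d := range [][]byte{boundary, full} {
		_, _, werr := parseWeak(d, 2)
		_, _, serr := parseStrict(d, 2)
		fmt.Printf("len=%d weak=%v strict=%v\n", len(d), werr, serr)
	}
}
```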
