Good afternoon. While looking at your code, we discovered an off-by-one index comparison against length may lead to out-of-bounds read
flaw in your v2ray-core repository. Indexing operations on arrays, slices or strings should use an index at most one less than the length. If the index to be accessed is checked for being less than or equal to the length (<=), instead of less than the length (<), the index could be out of bounds.
Please review lines 140-144 of proxy/vmess/encoding/commands.go
, most specifically line 142.
cmd.Level = uint32(data[levelStart])
timeStart := levelStart + 1
if len(data) < timeStart {
return nil, newError("insufficient length.")
}
This vulnerability is capable of an out of bounds read.