CVE-2007-5030

Name of the Vulnerable Software and Affected Versions Dibbler version 0.6.0

Description The issue is related to multiple integer overflows that can be triggered by remote attackers sending packets with options of large lengths. This can cause the daemon to crash due to attempts at excessive memory allocation. The overflows are demonstrated in various constructors and methods, including the TSrvMsg constructor, TClntMsg, TClntOptIAAddress, TClntOptIAPrefix, TOptVendorSpecInfo, and TOptOptionRequest constructors, as well as the TRelIfaceMgr::decodeRelayRepl, TRelMsg::decodeOpts, and TSrvIfaceMgr::decodeRelayForw methods.

Recommendations For Dibbler version 0.6.0, consider disabling the affected constructors and methods, such as the TSrvMsg constructor, TClntMsg, TClntOptIAAddress, TClntOptIAPrefix, TOptVendorSpecInfo, and TOptOptionRequest constructors, as well as the TRelIfaceMgr::decodeRelayRepl, TRelMsg::decodeOpts, and TSrvIfaceMgr::decodeRelayForw methods, until a patch is available. Restrict access to the vulnerable parts of the code to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.