PT-2022-11306 · V2Fly+1 · V2Ray-Core+1
Published
2022-02-23
·
Updated
2024-08-21
·
CVE-2021-4070
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
v2fly/v2ray-core versions prior to 4.44.0
Description
The issue is related to an off-by-one error in indexing operations on arrays, slices, or strings. This error occurs when the index is checked for being less than or equal to the length (
<=), instead of less than the length (<), potentially leading to an out-of-bounds index.Recommendations
For versions prior to 4.44.0, update to version 4.44.0 or later to resolve the issue.
As a temporary workaround, consider reviewing and adjusting indexing operations to ensure they use an index at most one less than the length.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
V2Ray-Core