GHSA-cf4g-fcf8-3cr9: `pnet_packet` buffer overrun in `set_payload` setters

February 9, 2023

As indicated by this issue, a buffer overrun is possible in the set_payload setter of the various mutable “Packet” struct setters. The offending set_payload functions were defined within the struct impl blocks in earlier versions of the package, and later by the packet macro.

Fixed in the packet macro by this PR.

References

github.com/advisories/GHSA-cf4g-fcf8-3cr9
github.com/libpnet/libpnet
github.com/libpnet/libpnet/issues/449
rustsec.org/advisories/RUSTSEC-2020-0167.html

Detect and mitigate GHSA-cf4g-fcf8-3cr9 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →