An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in fnetip6extheaderhandleroptions in fnet_ip6.c, leading to Denial-of-Service.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:butok:fnet:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "4.6.4"
}
]
}