Generation of Error Message Containing Sensitive Information in luigirizzo/netmap
Reported on
Feb 3rd 2022
Description
In the Netmap source code, calls to DbgPrint() can be found that contain a format specifier (%p, to be specific) but no matching argument. The format routine still fetches a variadic argument for that specifier, so it reads whatever happens to be in the register or stack slot where the missing argument would have been passed; in most cases this results in nearby data being printed to the debug stream.
Impact
This vulnerability allows an attacker who can reach the affected code path and observe the kernel debug output to read data from kernel space. The amount is very small (one pointer-sized value per call) and the location is almost certainly not one the attacker can choose, but the leaked value may contain sensitive information.
Occurrences
netmap_windows.c L971
DbgPrint("unimplemented generic_timer_handler %p\n");
All of the other occurrences of this issue follow a similar format.
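The class of defect described above (a printf-style format string whose conversion count does not match the number of arguments supplied) is easy to find mechanically. The following audit script is an added example, not code from the netmap project or from the report; it scans C source for DbgPrint() calls with a literal format string, counts the arguments the format consumes (handling %%, and the extra argument taken by a * width or precision), and reports every call where the count differs from the arguments actually passed. The source it scans is a constructed sample written in the style of netmap_windows.c, not the real file.

```python
import re

# Constructed sample in the style of netmap_windows.c (not the real file).
# Line 4 reproduces the reported pattern; line 9 is a second constructed mismatch.
SAMPLE_SOURCE = r'''
static void generic_timer_handler(void)
{
    DbgPrint("unimplemented generic_timer_handler %p\n");
    DbgPrint("netmap: adapter %p freed\n", na);
    DbgPrint("ring %d of %d (100%%)\n", i, n);
    DbgPrint("no specifiers here\n");
    DbgPrint("%-*s|%08lx\n", width, name, (unsigned long)addr);
    DbgPrint("%p %p\n", one);
}
'''

# One printf conversion: %[flags][width][.precision][length]conv, or the literal '%%'.
# Groups: 1 flags, 2 width, 3 precision, 4 conversion letter.
CONVERSION_RE = re.compile(
    r'%(?:%|([-+ #0]*)(\*|\d+)?(?:\.(\*|\d+))?'
    r'(?:hh|h|ll|l|j|z|t|L|I64|I32|I)?([a-zA-Z]))'
)
CALL_RE = re.compile(r'\bDbgPrint\s*\(')
STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def count_format_args(fmt: str) -> int:
    """Number of variadic arguments a printf-style format string consumes."""
    total = 0
    for m in CONVERSION_RE.finditer(fmt):
        if m.group(0) == '%%':
            continue                # literal percent sign, no argument
        total += 1                  # the conversion itself
        if m.group(2) == '*':
            total += 1              # width taken from an int argument
        if m.group(3) == '*':
            total += 1              # precision taken from an int argument
    return total


def split_call_args(src: str, open_paren: int):
    """Split the call whose '(' is at src[open_paren] into top-level comma-separated arguments.

    String literals and nested parentheses are respected, so "a, b" inside quotes
    or f(x, y) inside an argument do not count as separators."""
    depth, args, cur, in_str, i = 0, [], [], False, open_paren
    while i < len(src):
        c = src[i]
        if in_str:
            cur.append(c)
            if c == '\\':
                cur.append(src[i + 1]); i += 2; continue   # keep escaped char, e.g. \"
            if c == '"':
                in_str = False
        elif c == '"':
            in_str = True; cur.append(c)
        elif c == '(':
            depth += 1
            if depth > 1:
                cur.append(c)
        elif c == ')':
            depth -= 1
            if depth == 0:
                args.append(''.join(cur).strip())
                return args, i + 1
            cur.append(c)
        elif c == ',' and depth == 1:
            args.append(''.join(cur).strip()); cur = []
        else:
            cur.append(c)
        i += 1
    raise ValueError('unterminated DbgPrint call')


def find_mismatches(src: str):
    """Return (line, format, expected_args, supplied_args) for each mismatched DbgPrint call."""
    findings = []
    for m in CALL_RE.finditer(src):
        args, _ = split_call_args(src, m.end() - 1)
        if not args or not STRING_RE.match(args[0]):
            continue                # non-literal format string: cannot check statically
        fmt = ''.join(STRING_RE.findall(args[0]))   # join adjacent literals "a" "b"
        expected, supplied = count_format_args(fmt), len(args) - 1
        if expected != supplied:
            line = src.count('\n', 0, m.start()) + 1
            findings.append((line, fmt, expected, supplied))
    return findings


if __name__ == '__main__':
    for line, fmt, expected, supplied in find_mismatches(SAMPLE_SOURCE):
        print(f'line {line}: "{fmt}" expects {expected} argument(s), {supplied} supplied')
```

Run against the sample, the script flags line 4 (the reported pattern: one %p, no argument) and line 9 (two %p, one argument) while accepting the calls whose counts match, including the %% literal and the * width. Either supplying the missing argument or dropping the stray %p removes the finding; the script does not claim which change the project's fix made. The same check is what a compiler performs when the declaration carries __attribute__((format(printf, 1, 2))) on GCC/Clang or the _Printf_format_string_ SAL annotation on MSVC, and enabling those warnings on the build is the durable way to keep new occurrences out.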
a year ago
I can confirm the bug, but the Windows port is currently unmaintained and very likely unused.
Thanks for confirming the bug. If the Windows port is less used, then I doubt anyone would have bothered to exploit this, which is good! I have submitted a pull request from a fork that has the patch (https://github.com/luigirizzo/netmap/pull/836), so if everything looks okay, could you validate this report and the fix?
Thanks, Michael