CVE-2024-38063.py

# copy from nullenc0de's gist,just a backup
# org: https://gist.github.com/nullenc0de

class IPv6Packet:
    def __init__(self, main_header_length, extension_headers):
        self.main_header_length = main_header_length
        self.extension_headers = extension_headers

def process_packet(packet):
    total_length = packet.main_header_length
    
    # Vulnerable loop: doesn't check for integer underflow
    for header_length in packet.extension_headers:
        total_length += header_length
    
    # Simulating a buffer to hold packet data
    buffer = bytearray(64)  # Only 64 bytes allocated
    
    # Vulnerable write: uses unchecked total_length
    for i in range(total_length):
        buffer[i] = 0xFF  # Potential out-of-bounds write
    
    return buffer

# Normal packet
normal_packet = IPv6Packet(40, [8, 16])
result = process_packet(normal_packet)
print("Normal packet processed, buffer length:", len(result))

# Malicious packet causing integer underflow
malicious_packet = IPv6Packet(40, [8, 2**32 - 47])  # Very large number
try:
    result = process_packet(malicious_packet)
    print("Malicious packet processed, buffer length:", len(result))
except IndexError as e:
    print("Crash occurred:", str(e))