Snort mailing list archives

Question about CVE-2020-16898 Rules

From: "s.g Choi via Snort-sigs" <snort-sigs () lists snort org>
Date: Wed, 21 Oct 2020 09:09:12 +0900

Hi, Talos Team
 
I have a question about the CVE-2020-16898 rule you have distributed. 
This option is part of the CVE-2020-16898 rule in Snort subscription rules. 
 
'''
byte_test:1,!&,1,0,relative,bitmask 0x01; 
'''
 
As far as I know, this is an option to determine whether it's odd or even in ICMPv6 RDNSS length. 
Even odd numbers are enough to determind using bitwise & 1, I wonder why we should do bitmask operation. 
 
Best Regards, Choi

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

Current thread:

Question about CVE-2020-16898 Rules s.g Choi via Snort-sigs (Oct 20)