OpenBSD version 7.2 suffers from an overflow vulnerability. ip_dooptions() will allow IPOPT_SSRR with optlen = 2. save_rte() will set isr_nhops to very large value, which will cause an overflow in the next ip_srcroute() call.
SHA-256 | 6aea32da93ccffa7fa7a888b010cc9b2cd121b1c2b6e081ded5446c568530e66
