Ghost Leak — Pre-Auth Buffer Over-read via TTL=0 + IP Total Length in ArubaOS 8.13.2.0
ArubaOS 8.13.2.0 reads 18 bytes past the packet boundary when the IP Total Length field is inflated. TTL=0 packets, which RFC 791 mandates must be destroyed, are processed and replied to, making the attack invisible. 27 of 27 crafted packets confirmed the behavior. Bugcrowd said zeroed bytes mean no vulnerability. CVE-2003-0001 and CVE-2021-3031 were accepted on the identical mechanism.
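
The two conditions described above, written as a receive-side validation check (an added example, not code from the original report or from ArubaOS). The function names, finding codes and the 192.0.2.x sample datagrams are constructed for illustration; `data` is assumed to begin at the IP header with the link-layer header already removed.

```python
import struct

def build_ipv4(ttl, payload, claimed_total_len=None):
    """Constructed sample datagram for the check below (checksum left at 0)."""
    total = 20 + len(payload) if claimed_total_len is None else claimed_total_len
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, ttl, 1, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload

def check_datagram(data):
    """Return (code, detail) findings for the IPv4 bytes actually received."""
    if len(data) < 20:
        return [("truncated", len(data))]
    ver_ihl, _tos, total_len, _id, _frag, ttl, _proto, _csum = struct.unpack(
        "!BBHHHBBH", data[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(data):
        return [("bad_header", ver_ihl)]
    findings = []
    if total_len < ihl:
        findings.append(("total_length_too_small", total_len))
    elif total_len > len(data):
        # A parser that trusts Total Length reads this many bytes past the buffer.
        findings.append(("total_length_overrun", total_len - len(data)))
    if ttl == 0:
        # RFC 791: a datagram whose TTL is zero must be destroyed, not answered.
        findings.append(("ttl_zero", ttl))
    return findings

def should_drop(data):
    """A receiver should discard any datagram that produces a finding."""
    return bool(check_datagram(data))

if __name__ == "__main__":
    samples = {
        "well-formed": build_ipv4(64, b"A" * 8),
        # 28 bytes received, header claims 46: an 18-byte overrun, with TTL=0.
        "inflated length, TTL=0": build_ipv4(0, b"A" * 8, claimed_total_len=46),
    }
    for name, datagram in samples.items():
        print(name, check_datagram(datagram), "drop" if should_drop(datagram) else "accept")
```

A frame can legitimately be longer than Total Length because of Ethernet padding, so only the case where the claimed length exceeds the received bytes is flagged.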