EtherLeak: IP Total Length Over-read via Ethernet Frame Padding
IP Total Length over-read via Ethernet frame padding is not a solved problem. CVE-2003-0001 (2003), CVE-2021-3031 (Palo Alto, 2021), and multiple 2026 findings prove the mechanism survives across architectures and vendors. This post breaks down the math, the invisibility cloak, and the PoC.