Skip to content
GitLab
    • GitLab: the DevOps platform
    • Explore GitLab
    • Install GitLab
    • How GitLab compares
    • Get started
    • GitLab docs
    • GitLab Learn
  • Pricing
  • Talk to an expert
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    • Switch to GitLab Next
    Projects Groups Topics Snippets
  • Register
  • Sign in
  • wireshark wireshark
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
    • Locked files
  • Issues 1.4k
    • Issues 1.4k
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 178
    • Merge requests 178
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Artifacts
    • Schedules
    • Test cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Model experiments
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • External wiki
    • External wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Wireshark FoundationWireshark Foundation
  • wiresharkwireshark
  • Issues
  • #17636
Closed
Open
Issue created Oct 08, 2021 by Doneing@DoneingCK

Heap-buffer-overflow in canonify_unencrypted_header at packet-c1222-template.c

Summary

In Wireshark-3.5.1rc0, the epsem dissector could cause out-of-bounds memory reads.

Bug information

In line 789 at packet-c1222-template.c

image

Steps to reproduce

  • First, compile the program fuzzshark through ASAN. cmake -GNinja -DCMAKE_C_COMPILER=clang-12 -DCMAKE_CXX_COMPILER=clang++-12 -DDISABLE_WERROR=ON -DOSS_FUZZ=ON -DENABLE_STATIC=ON -DENABLE_PLUGINS=OFF -DENABLE_PCAP=OFF -DENABLE_GNUTLS=OFF -DBUILD_wireshark=OFF /wireshark-3.5.1rc0 && ninja all-fuzzers
  • Second, set environment variables. export FUZZSHARK_TARGET=tcp
  • Third, run the program with payload packet. ./fuzzshark tcp-crash-sample-001tcp-crash-sample-001

Crash state with ASAN

image image

Sample capture file

tcp-crash-sample-001

Edited Nov 15, 2021 by Gerald Combs
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking