Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    • Switch to GitLab Next
  • Sign in / Register
  • wireshark wireshark
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 1,340
    • Issues 1,340
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 158
    • Merge requests 158
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • External wiki
    • External wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Wireshark Foundation
  • wiresharkwireshark
  • Issues
  • #17636
Closed
Open
Created Oct 08, 2021 by Doneing@DoneingCK

Heap-buffer-overflow in canonify_unencrypted_header at packet-c1222-template.c

Summary

In Wireshark-3.5.1rc0, the epsem dissector could cause out-of-bounds memory reads.

Bug information

In line 789 at packet-c1222-template.c

image

Steps to reproduce

  • First, compile the program fuzzshark through ASAN. cmake -GNinja -DCMAKE_C_COMPILER=clang-12 -DCMAKE_CXX_COMPILER=clang++-12 -DDISABLE_WERROR=ON -DOSS_FUZZ=ON -DENABLE_STATIC=ON -DENABLE_PLUGINS=OFF -DENABLE_PCAP=OFF -DENABLE_GNUTLS=OFF -DBUILD_wireshark=OFF /wireshark-3.5.1rc0 && ninja all-fuzzers
  • Second, set environment variables. export FUZZSHARK_TARGET=tcp
  • Third, run the program with payload packet. ./fuzzshark tcp-crash-sample-001tcp-crash-sample-001

Crash state with ASAN

image image

Sample capture file

tcp-crash-sample-001

Edited Nov 15, 2021 by Gerald Combs
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking