Heap-buffer-overflow in canonify_unencrypted_header at packet-c1222-template.c
Summary
In Wireshark-3.5.1rc0, the epsem dissector could cause out-of-bounds memory reads.
Bug information
At line 789 of packet-c1222-template.c
Steps to reproduce
- First, compile the fuzzshark program with ASAN.
cmake -GNinja -DCMAKE_C_COMPILER=clang-12 -DCMAKE_CXX_COMPILER=clang++-12 -DDISABLE_WERROR=ON -DOSS_FUZZ=ON -DENABLE_STATIC=ON -DENABLE_PLUGINS=OFF -DENABLE_PCAP=OFF -DENABLE_GNUTLS=OFF -DBUILD_wireshark=OFF /wireshark-3.5.1rc0 && ninja all-fuzzers
- Second, set environment variables.
export FUZZSHARK_TARGET=tcp
- Third, run the program with the payload packet.
./fuzzshark tcp-crash-sample-001
tcp-crash-sample-001