Skip to content
GitLab
    • Why GitLab
    • Pricing
    • Contact Sales
    • Explore
  • Why GitLab
  • Pricing
  • Contact Sales
  • Explore
  • Sign in
  • Get free trial
  • Wireshark FoundationWireshark Foundation
  • WiresharkWireshark
  • Issues
  • #17933

bpv6 (Bundle) dissector int underflow/overflow leads to inf loop - denial of service

Summary

In the bpv6 protocol evaluate_sdnv function might return negative number which will be used in arithmetic for loop index wireshark___packet-bpv6_c

My short investigation concludes that all loop around these items are affected:

  • hf_block_ciphersuite_param_type
  • hf_block_ciphersuite_result_item_length
  • hf_block_ciphersuite_result_data
  • hf_block_ciphersuite_params_item_length
  • hf_block_ciphersuite_result_type

Please see the attached pcap as an example for the loop around hf_block_ciphersuite_result_type. bundle.block.ciphersuite_result_type.pcap

Build information

TShark (Wireshark) 3.7.0 (v3.7.0rc0-844-g14a1dfbe1083)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking