Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-39920: Fuzz job crash output: fuzz-2021-11-01-6716.pcap (#17705) · Issues · Wireshark Foundation / wireshark · GitLab

NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file

CVE
#ubuntu#linux#dos#git#auth

Skip to content

Open Issue created Nov 01, 2021 by A Wireshark GitLab Utility@ws-gitlab-utilityDeveloper

Fuzz job crash output: fuzz-2021-11-01-6716.pcap

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2021-11-01-6716.pcap

stderr:

Input file: /var/menagerie/menagerie/attachment_ippusb_print.pcapng

Build host information:
Linux runner-yq5rrvnm-project-7898047-concurrent-1 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:50:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:    20.04
Codename:   focal

CI job ASan Menagerie Fuzz, ID 1733660730: 

Return value:  0

Dissector bug:  0

Valgrind error count:  0



Git commit
commit 9207c6f233c96803b0b58bf58aa97ee41a79f8ab
Author: Gerald Combs <[email protected]>
Date:   Sun Oct 31 16:35:20 2021 +0000

    [Automatic update for 2021-10-31]
    
    Update manuf, services enterprise numbers, translations, and other items.


Command and args: /builds/wireshark/wireshark/_install/bin/tshark -2  -nVxr
Running as user "root" and group "root". This could be dangerous.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==64340==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x7f0a60f712fa bp 0x7ffcdeb329a0 sp 0x7ffcdeb321a0 T0)
==64340==The signal is caused by a READ memory access.
==64340==Hint: address points to the zero page.
    #0 0x7f0a60f712fa in dissect_ippusb /builds/wireshark/wireshark/build/../epan/dissectors/packet-ippusb.c:409:113
    #1 0x7f0a63346831 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
    #2 0x7f0a6333b660 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
    #3 0x7f0a6333af79 in dissector_try_uint_new /builds/wireshark/wireshark/build/../epan/packet.c:1413:8
    #4 0x7f0a61eaac28 in try_dissect_next_protocol /builds/wireshark/wireshark/build/../epan/dissectors/packet-usb.c:3670:15
    #5 0x7f0a61ea651b in dissect_usb_payload /builds/wireshark/wireshark/build/../epan/dissectors/packet-usb.c:4621:19
    #6 0x7f0a61e9de3b in dissect_usb_common /builds/wireshark/wireshark/build/../epan/dissectors/packet-usb.c:5309:5
    #7 0x7f0a61ea6ff2 in dissect_win32_usb /builds/wireshark/wireshark/build/../epan/dissectors/packet-usb.c:5331:5
    #8 0x7f0a63346831 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
    #9 0x7f0a6333b660 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
    #10 0x7f0a63343080 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3233:8
    #11 0x7f0a60b70c26 in dissect_frame /builds/wireshark/wireshark/build/../epan/dissectors/packet-frame.c:783:6
    #12 0x7f0a63346831 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
    #13 0x7f0a6333b660 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
    #14 0x7f0a63343080 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3233:8
    #15 0x7f0a63337684 in call_dissector_with_data /builds/wireshark/wireshark/build/../epan/packet.c:3246:8
    #16 0x7f0a63336e6f in dissect_record /builds/wireshark/wireshark/build/../epan/packet.c:594:3
    #17 0x7f0a633065e8 in epan_dissect_run_with_taps /builds/wireshark/wireshark/build/../epan/epan.c:598:2
    #18 0x55a3faa94357 in process_packet_second_pass /builds/wireshark/wireshark/build/../tshark.c:3250:5
    #19 0x55a3faa9288e in process_cap_file_second_pass /builds/wireshark/wireshark/build/../tshark.c:3389:9
    #20 0x55a3faa8c9b6 in process_cap_file /builds/wireshark/wireshark/build/../tshark.c:3650:28
    #21 0x55a3faa864c8 in main /builds/wireshark/wireshark/build/../tshark.c:2102:16
    #22 0x7f0a565540b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #23 0x55a3fa9b543d in _start (/builds/wireshark/wireshark/_install/bin/tshark+0x5b43d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /builds/wireshark/wireshark/build/../epan/dissectors/packet-ippusb.c:409:113 in dissect_ippusb
==64340==ABORTING

fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.

no debug trace

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907