CVE-2021-39920: Fuzz job crash output: fuzz-2021-11-01-6716.pcap (#17705) · Issues · Wireshark Foundation / wireshark · GitLab
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
Open. Issue created Nov 01, 2021 by A Wireshark GitLab Utility (@ws-gitlab-utility, Developer)
Fuzz job crash output: fuzz-2021-11-01-6716.pcap
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2021-11-01-6716.pcap
stderr:
Input file: /var/menagerie/menagerie/attachment_ippusb_print.pcapng
Build host information:
Linux runner-yq5rrvnm-project-7898047-concurrent-1 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:50:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal
CI job ASan Menagerie Fuzz, ID 1733660730:
Return value: 0
Dissector bug: 0
Valgrind error count: 0
Git commit
commit 9207c6f233c96803b0b58bf58aa97ee41a79f8ab
Author: Gerald Combs <[email protected]>
Date: Sun Oct 31 16:35:20 2021 +0000
[Automatic update for 2021-10-31]
Update manuf, services enterprise numbers, translations, and other items.
Command and args: /builds/wireshark/wireshark/_install/bin/tshark -2 -nVxr
Running as user "root" and group "root". This could be dangerous.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==64340==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x7f0a60f712fa bp 0x7ffcdeb329a0 sp 0x7ffcdeb321a0 T0)
==64340==The signal is caused by a READ memory access.
==64340==Hint: address points to the zero page.
#0 0x7f0a60f712fa in dissect_ippusb /builds/wireshark/wireshark/build/../epan/dissectors/packet-ippusb.c:409:113
#1 0x7f0a63346831 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
#2 0x7f0a6333b660 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
#3 0x7f0a6333af79 in dissector_try_uint_new /builds/wireshark/wireshark/build/../epan/packet.c:1413:8
#4 0x7f0a61eaac28 in try_dissect_next_protocol /builds/wireshark/wireshark/build/../epan/dissectors/packet-usb.c:3670:15
#5 0x7f0a61ea651b in dissect_usb_payload /builds/wireshark/wireshark/build/../epan/dissectors/packet-usb.c:4621:19
#6 0x7f0a61e9de3b in dissect_usb_common /builds/wireshark/wireshark/build/../epan/dissectors/packet-usb.c:5309:5
#7 0x7f0a61ea6ff2 in dissect_win32_usb /builds/wireshark/wireshark/build/../epan/dissectors/packet-usb.c:5331:5
#8 0x7f0a63346831 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
#9 0x7f0a6333b660 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
#10 0x7f0a63343080 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3233:8
#11 0x7f0a60b70c26 in dissect_frame /builds/wireshark/wireshark/build/../epan/dissectors/packet-frame.c:783:6
#12 0x7f0a63346831 in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:720:9
#13 0x7f0a6333b660 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:813:9
#14 0x7f0a63343080 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3233:8
#15 0x7f0a63337684 in call_dissector_with_data /builds/wireshark/wireshark/build/../epan/packet.c:3246:8
#16 0x7f0a63336e6f in dissect_record /builds/wireshark/wireshark/build/../epan/packet.c:594:3
#17 0x7f0a633065e8 in epan_dissect_run_with_taps /builds/wireshark/wireshark/build/../epan/epan.c:598:2
#18 0x55a3faa94357 in process_packet_second_pass /builds/wireshark/wireshark/build/../tshark.c:3250:5
#19 0x55a3faa9288e in process_cap_file_second_pass /builds/wireshark/wireshark/build/../tshark.c:3389:9
#20 0x55a3faa8c9b6 in process_cap_file /builds/wireshark/wireshark/build/../tshark.c:3650:28
#21 0x55a3faa864c8 in main /builds/wireshark/wireshark/build/../tshark.c:2102:16
#22 0x7f0a565540b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#23 0x55a3fa9b543d in _start (/builds/wireshark/wireshark/_install/bin/tshark+0x5b43d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /builds/wireshark/wireshark/build/../epan/dissectors/packet-ippusb.c:409:113 in dissect_ippusb
==64340==ABORTING
fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.
no debug trace