Headline
CVE-2020-26419: Buildbot crash output: fuzz-2020-11-19-20476.pcap (#17032) · Issues · Wireshark Foundation / wireshark · GitLab
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2020-11-19-20476.pcap
stderr:
Input file: /home/wireshark/menagerie/menagerie/xrite-i1displaypro-i1profiler.pcap.gz
Build host information:
Linux build6 4.15.0-122-generic #124-Ubuntu SMP Thu Oct 15 13:03:05 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 18.04.5 LTS
Release: 18.04
Codename: bionic
Buildbot information:
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=5344
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_URL=https://buildbot.wireshark.org/wireshark-master/
[email protected]:wireshark/wireshark.git
BUILDBOT_GOT_REVISION=1d7bc367e943464f912a67ad436fabddb1a61a37
Return value: 0
Dissector bug: 0
Valgrind error count: 1
Latest (but not necessarily the problem) commit:
1d7bc367e9 GSM A Common: Dissect polygon points
Command and args: ./tools/valgrind-wireshark.sh -b /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin -T
==10764== Memcheck, a memory error detector
==10764== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==10764== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==10764== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -Vx -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2020-11-19-20476.pcap
==10764==
==10764==
==10764== HEAP SUMMARY:
==10764== in use at exit: 597,877 bytes in 8,905 blocks
==10764== total heap usage: 2,023,536 allocs, 2,014,631 frees, 157,450,596 bytes allocated
==10764==
==10764== LEAK SUMMARY:
==10764== definitely lost: 556,928 bytes in 8,702 blocks
==10764== indirectly lost: 0 bytes in 0 blocks
==10764== possibly lost: 0 bytes in 0 blocks
==10764== still reachable: 40,154 bytes in 172 blocks
==10764== suppressed: 795 bytes in 31 blocks
==10764== Rerun with --leak-check=full to see details of leaked memory
==10764==
==10764== For counts of detected and suppressed errors, rerun with: -v
==10764== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Definitely + indirectly (556928 + 0) exceeds max (102400).
no debug trace
Related news
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CV...