Headline
CVE-2021-22235: Buildbot crash output: fuzz-2021-06-26-9972.pcap (#17462) · Issues · Wireshark Foundation / wireshark
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2021-06-26-9972.pcap
stderr:
Input file: /var/menagerie/menagerie/13795-multipleDNPFramesUDPSegment.pcapng
Build host information:
Linux runner-yq5rrvnm-project-7898047-concurrent-2 5.4.0-74-generic #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
Return value: 0
Dissector bug: 0
Valgrind error count: 0
Latest (but not necessarily the problem) commit:
472eaf91 "config.h" need not and should not be included in any header
Command and args: /builds/wireshark/wireshark/_install/bin/tshark -2 -nVxr
Running as user "root" and group "root". This could be dangerous.
=================================================================
==81662==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x60400040c730 in thread T0
==81662==WARNING: invalid path to external symbolizer!
==81662==WARNING: Failed to use and restart external symbolizer!
#0 0x55ad73930492 (/builds/wireshark/wireshark/_install/bin/tshark+0xd9492)
#1 0x7f821d2f7c00 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa337c00)
#2 0x7f821e6962ae (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d62ae)
#3 0x7f821d2f608f (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa33608f)
#4 0x7f821faa2dda (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
#5 0x7f821fa98723 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
#6 0x7f821fa980b3 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
#7 0x7f821fa98ac2 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8ac2)
#8 0x7f821e694507 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d4507)
#9 0x7f821e69ca19 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6dca19)
#10 0x7f821e6972cd (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d72cd)
#11 0x7f821faa2dda (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
#12 0x7f821fa98723 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
#13 0x7f821fa980b3 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
#14 0x7f821d8848ce (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa8c48ce)
#15 0x7f821d889a4d (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa8c9a4d)
#16 0x7f821faa2dda (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
#17 0x7f821fa98723 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
#18 0x7f821fa980b3 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
#19 0x7f821fa98ac2 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8ac2)
#20 0x7f821d473b53 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4b3b53)
#21 0x7f821faa2dda (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
#22 0x7f821fa98723 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
#23 0x7f821fa9f990 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcadf990)
#24 0x7f821fa94b44 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad4b44)
#25 0x7f821d47095a (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4b095a)
#26 0x7f821d46f580 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4af580)
#27 0x7f821faa2dda (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
#28 0x7f821fa98723 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
#29 0x7f821fa9f990 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcadf990)
#30 0x7f821d4fa58b (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa53a58b)
#31 0x7f821faa2dda (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
#32 0x7f821fa98723 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
#33 0x7f821fa9f990 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcadf990)
#34 0x7f821fa94b44 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad4b44)
#35 0x7f821fa943b1 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad43b1)
#36 0x7f821fa672a8 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcaa72a8)
#37 0x55ad73995bcf (/builds/wireshark/wireshark/_install/bin/tshark+0x13ebcf)
#38 0x55ad73993dd2 (/builds/wireshark/wireshark/_install/bin/tshark+0x13cdd2)
#39 0x55ad7398eb85 (/builds/wireshark/wireshark/_install/bin/tshark+0x137b85)
#40 0x55ad73988f66 (/builds/wireshark/wireshark/_install/bin/tshark+0x131f66)
#41 0x7f821267b0b2 (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#42 0x55ad738b549d (/builds/wireshark/wireshark/_install/bin/tshark+0x5e49d)
0x60400040c730 is located 32 bytes inside of 46-byte region [0x60400040c710,0x60400040c73e)
allocated by thread T0 here:
#0 0x55ad739306fd (/builds/wireshark/wireshark/_install/bin/tshark+0xd96fd)
#1 0x7f82128e8e98 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57e98)
#2 0x7f821f98a11f (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xc9ca11f)
#3 0x7f821f98159e (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xc9c159e)
#4 0x7f821d2f7286 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa337286)
#5 0x7f821e6962ae (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d62ae)
#6 0x7f821d2f608f (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa33608f)
#7 0x7f821faa2dda (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
#8 0x7f821fa98723 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
#9 0x7f821fa980b3 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
#10 0x7f821fa98ac2 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8ac2)
#11 0x7f821e694507 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d4507)
#12 0x7f821e69ca19 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6dca19)
#13 0x7f821e6972cd (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d72cd)
#14 0x7f821faa2dda (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
#15 0x7f821fa98723 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
#16 0x7f821fa980b3 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
#17 0x7f821d8848ce (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa8c48ce)
#18 0x7f821d889a4d (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa8c9a4d)
#19 0x7f821faa2dda (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
#20 0x7f821fa98723 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
#21 0x7f821fa980b3 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
#22 0x7f821fa98ac2 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8ac2)
#23 0x7f821d473b53 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4b3b53)
#24 0x7f821faa2dda (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
#25 0x7f821fa98723 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
#26 0x7f821fa9f990 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcadf990)
#27 0x7f821fa94b44 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad4b44)
#28 0x7f821d47095a (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4b095a)
#29 0x7f821d46f580 (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4af580)
SUMMARY: AddressSanitizer: bad-free (/builds/wireshark/wireshark/_install/bin/tshark+0xd9492)
==81662==ABORTING
fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.
no debug trace
To upload designs, you’ll need to enable LFS and have an admin enable hashed storage. More information