CVE-2021-22173: Buildbot crash output: fuzz-2020-12-31-3467971.pcap (#17124) · Issues · Wireshark Foundation / wireshark · GitLab

Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file


Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2020-12-31-3467971.pcap

stderr:

Input file: /home/wireshark/menagerie/menagerie/17769-mouse.pcapng

Build host information:
Linux build1 5.4.0-58-generic #64-Ubuntu SMP Wed Dec 9 08:16:25 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.1 LTS
Release:    20.04
Codename:   focal

Buildbot information:
[email protected]:wireshark/wireshark.git
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_URL=https://buildbot.wireshark.org/wireshark-3.4/
BUILDBOT_BUILDNUMBER=43
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=17b2a16b5afe321126b5bbb642c6b23fd2924f06

Return value:  0

Dissector bug:  0

Valgrind error count:  1



Git commit
commit 17b2a16b5afe321126b5bbb642c6b23fd2924f06
Author: Nardi Ivan <[email protected]>
Date:   Wed Dec 30 15:49:06 2020 +0000

    TLS: fix display of Google QUIC Version in Transport Parameters
   
   
    (cherry picked from commit a23915c9a86ae8d4b5a497b114b06d7835ed9070)


Command and args: ./tools/valgrind-wireshark.sh -b /home/wireshark/builders/wireshark-3.4-fuzz/fuzztest/install.plain/bin 
==765509== Memcheck, a memory error detector
==765509== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==765509== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==765509== Command: /home/wireshark/builders/wireshark-3.4-fuzz/fuzztest/install.plain/bin/tshark -nr /fuzz/buildbot/fuzztest/valgrind-fuzz-3.4/fuzz-2020-12-31-3467971.pcap
==765509==
==765509==
==765509== HEAP SUMMARY:
==765509==     in use at exit: 26,895,965 bytes in 1,930,155 blocks
==765509==   total heap usage: 4,548,734 allocs, 2,618,579 frees, 269,536,955 bytes allocated
==765509==
==765509== LEAK SUMMARY:
==765509==    definitely lost: 26,854,523 bytes in 1,929,950 blocks
==765509==    indirectly lost: 0 bytes in 0 blocks
==765509==      possibly lost: 0 bytes in 0 blocks
==765509==    still reachable: 22,063 bytes in 170 blocks
==765509==         suppressed: 19,379 bytes in 35 blocks
==765509== Rerun with --leak-check=full to see details of leaked memory
==765509==
==765509== For lists of detected and suppressed errors, rerun with: -s
==765509== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Definitely + indirectly (26854523 + 0) exceeds max (102400).

no debug trace
