CVE-2021-22235: Buildbot crash output: fuzz-2021-06-26-9972.pcap (#17462) · Issues · Wireshark Foundation / wireshark · GitLab

Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file

Open issue, created Jun 26, 2021 by A Wireshark GitLab Utility (@ws-gitlab-utility, Developer)

Buildbot crash output: fuzz-2021-06-26-9972.pcap

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2021-06-26-9972.pcap

stderr:

Input file: /var/menagerie/menagerie/13795-multipleDNPFramesUDPSegment.pcapng

Build host information:
Linux runner-yq5rrvnm-project-7898047-concurrent-2 5.4.0-74-generic #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.2 LTS
Release:    20.04
Codename:   focal

Return value:  0

Dissector bug:  0

Valgrind error count:  0



Latest (but not necessarily the problem) commit:
472eaf91 "config.h" need not and should not be included in any header


Command and args: /builds/wireshark/wireshark/_install/bin/tshark -2  -nVxr
Running as user "root" and group "root". This could be dangerous.
=================================================================
==81662==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x60400040c730 in thread T0
==81662==WARNING: invalid path to external symbolizer!
==81662==WARNING: Failed to use and restart external symbolizer!
    #0 0x55ad73930492  (/builds/wireshark/wireshark/_install/bin/tshark+0xd9492)
    #1 0x7f821d2f7c00  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa337c00)
    #2 0x7f821e6962ae  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d62ae)
    #3 0x7f821d2f608f  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa33608f)
    #4 0x7f821faa2dda  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
    #5 0x7f821fa98723  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
    #6 0x7f821fa980b3  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
    #7 0x7f821fa98ac2  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8ac2)
    #8 0x7f821e694507  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d4507)
    #9 0x7f821e69ca19  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6dca19)
    #10 0x7f821e6972cd  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d72cd)
    #11 0x7f821faa2dda  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
    #12 0x7f821fa98723  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
    #13 0x7f821fa980b3  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
    #14 0x7f821d8848ce  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa8c48ce)
    #15 0x7f821d889a4d  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa8c9a4d)
    #16 0x7f821faa2dda  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
    #17 0x7f821fa98723  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
    #18 0x7f821fa980b3  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
    #19 0x7f821fa98ac2  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8ac2)
    #20 0x7f821d473b53  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4b3b53)
    #21 0x7f821faa2dda  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
    #22 0x7f821fa98723  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
    #23 0x7f821fa9f990  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcadf990)
    #24 0x7f821fa94b44  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad4b44)
    #25 0x7f821d47095a  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4b095a)
    #26 0x7f821d46f580  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4af580)
    #27 0x7f821faa2dda  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
    #28 0x7f821fa98723  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
    #29 0x7f821fa9f990  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcadf990)
    #30 0x7f821d4fa58b  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa53a58b)
    #31 0x7f821faa2dda  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
    #32 0x7f821fa98723  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
    #33 0x7f821fa9f990  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcadf990)
    #34 0x7f821fa94b44  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad4b44)
    #35 0x7f821fa943b1  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad43b1)
    #36 0x7f821fa672a8  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcaa72a8)
    #37 0x55ad73995bcf  (/builds/wireshark/wireshark/_install/bin/tshark+0x13ebcf)
    #38 0x55ad73993dd2  (/builds/wireshark/wireshark/_install/bin/tshark+0x13cdd2)
    #39 0x55ad7398eb85  (/builds/wireshark/wireshark/_install/bin/tshark+0x137b85)
    #40 0x55ad73988f66  (/builds/wireshark/wireshark/_install/bin/tshark+0x131f66)
    #41 0x7f821267b0b2  (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #42 0x55ad738b549d  (/builds/wireshark/wireshark/_install/bin/tshark+0x5e49d)

0x60400040c730 is located 32 bytes inside of 46-byte region [0x60400040c710,0x60400040c73e)
allocated by thread T0 here:
    #0 0x55ad739306fd  (/builds/wireshark/wireshark/_install/bin/tshark+0xd96fd)
    #1 0x7f82128e8e98  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57e98)
    #2 0x7f821f98a11f  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xc9ca11f)
    #3 0x7f821f98159e  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xc9c159e)
    #4 0x7f821d2f7286  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa337286)
    #5 0x7f821e6962ae  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d62ae)
    #6 0x7f821d2f608f  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa33608f)
    #7 0x7f821faa2dda  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
    #8 0x7f821fa98723  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
    #9 0x7f821fa980b3  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
    #10 0x7f821fa98ac2  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8ac2)
    #11 0x7f821e694507  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d4507)
    #12 0x7f821e69ca19  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6dca19)
    #13 0x7f821e6972cd  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xb6d72cd)
    #14 0x7f821faa2dda  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
    #15 0x7f821fa98723  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
    #16 0x7f821fa980b3  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
    #17 0x7f821d8848ce  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa8c48ce)
    #18 0x7f821d889a4d  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa8c9a4d)
    #19 0x7f821faa2dda  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
    #20 0x7f821fa98723  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
    #21 0x7f821fa980b3  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad80b3)
    #22 0x7f821fa98ac2  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8ac2)
    #23 0x7f821d473b53  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4b3b53)
    #24 0x7f821faa2dda  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcae2dda)
    #25 0x7f821fa98723  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad8723)
    #26 0x7f821fa9f990  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcadf990)
    #27 0x7f821fa94b44  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xcad4b44)
    #28 0x7f821d47095a  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4b095a)
    #29 0x7f821d46f580  (/builds/wireshark/wireshark/_install/lib/libwireshark.so.0+0xa4af580)

SUMMARY: AddressSanitizer: bad-free (/builds/wireshark/wireshark/_install/bin/tshark+0xd9492) 
==81662==ABORTING

fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.

no debug trace
