CVE-2023-0415: Fuzz job crash output: fuzz-2023-01-11-10954.pcap (#18796)
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or a crafted capture file.
Open. Issue created Jan 11, 2023 by A Wireshark GitLab Utility (@ws-gitlab-utility, Developer)
Fuzz job crash output: fuzz-2023-01-11-10954.pcap
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2023-01-11-10954.pcap.gz
stderr:
Branch: master
Input file: /var/menagerie/menagerie/13649-hwiscsi.ipv4.rw=read.bs=4k.oio=1.57711.1500.c=10K.pcap.gz
CI job name: ASan Menagerie Fuzz, ID: 3584468798
CI job URL: https://gitlab.com/wireshark/wireshark/-/jobs/3584468798
Return value: 0
Dissector bug: 0
Date and time: Wed Jan 11 11:28:33 UTC 2023
Commits in the last 48 hours:
313fed6d dftest: Add --types option
70e006fc dftest: Revert to using "->"
8a4f22be ALP: fix issue #18795 (memory management issues)
5e3dba3d NAS 5GS: upgrade dissector to v17.9.0
42f7ee88 LLS: fix msvc warning: possible loss of data
60912dae LLS: add dissector for ATSC3 Low Level Signalling (LLS) Protocol
3c9662b1 note that tvb_child_uncompress attaches to parent
8bf01503 note to use the tvb_child_uncompress* alternative
95a16270 note need to free return in uncompress functions
988d4585 ipsec: fix comment
005ea28d sip: fix leak in uncompress
0150297d rtps: fix leak in uncompress
01fda90a mcpe: fix leak in uncompress
39ee45a0 multipart: fix leak in uncompress
8461440f gelf: fix leak in uncompress
f7290f2c mysql: fix leak in uncompress
e80b2ab5 ALP: add decoders for Link Mapping Table (LMT) and Sony header extensions
1fc51673 mako: Updated Metamako trailer dissection
4d38cf9e FAQ: Fix some markup
56deed1c GTPv2: correction of IE MM Context EPS QQ
Build host information:
Linux 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
Command and args: /builds/wireshark/wireshark/_install/bin/tshark -2 --log-fatal-domains=UTF-8 -nr
Running as user "root" and group "root". This could be dangerous.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==65913==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7efec227e97d bp 0x7ffe75a38c90 sp 0x7ffe75a38448 T0)
==65913==The signal is caused by a READ memory access.
==65913==Hint: address points to the zero page.
#0 0x7efec227e97d (/lib/x86_64-linux-gnu/libc.so.6+0x19d97d) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
#1 0x55b2713b3739 in strlen (/builds/wireshark/wireshark/_install/bin/tshark+0x64739) (BuildId: 31a56ee39b1468ac12e53d09938420b6de663800)
#2 0x7efecd2c0d92 in ws_label_strcpy /builds/wireshark/wireshark/epan/strutil.c:821:15
#3 0x7efecd2c1f77 in ws_label_strcat /builds/wireshark/wireshark/epan/strutil.c:944:12
#4 0x7efecd164fd3 in col_do_append_str /builds/wireshark/wireshark/epan/column-utils.c:888:14
#5 0x7efecd16492e in col_append_str /builds/wireshark/wireshark/epan/column-utils.c:899:3
#6 0x7efecada96d8 in dissect_iscsi_pdu /builds/wireshark/wireshark/epan/dissectors/packet-iscsi.c:866:9
#7 0x7efecadad465 in dissect_iscsi_pdu /builds/wireshark/wireshark/epan/dissectors/packet-iscsi.c:1558:9
#8 0x7efecada7a79 in dissect_iscsi /builds/wireshark/wireshark/epan/dissectors/packet-iscsi.c:2503:9
#9 0x7efecada52fa in dissect_iscsi_handle /builds/wireshark/wireshark/epan/dissectors/packet-iscsi.c:2521:12
#10 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
#11 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
#12 0x7efecd1c70a0 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3403:8
#13 0x7efecd17922e in try_conversation_call_dissector_helper /builds/wireshark/wireshark/epan/conversation.c:1579:11
#14 0x7efecd178caa in try_conversation_dissector /builds/wireshark/wireshark/epan/conversation.c:1613:13
#15 0x7efecbabb18c in decode_tcp_ports /builds/wireshark/wireshark/epan/dissectors/packet-tcp.c:7200:9
#16 0x7efecbac40e3 in process_tcp_payload /builds/wireshark/wireshark/epan/dissectors/packet-tcp.c:7364:13
#17 0x7efecbac1334 in desegment_tcp /builds/wireshark/wireshark/epan/dissectors/packet-tcp.c:4345:9
#18 0x7efecbabda31 in dissect_tcp_payload /builds/wireshark/wireshark/epan/dissectors/packet-tcp.c:7437:9
#19 0x7efecbad1ef7 in dissect_tcp /builds/wireshark/wireshark/epan/dissectors/packet-tcp.c:8504:17
#20 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
#21 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
#22 0x7efecd1bed73 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1526:8
#23 0x7efecad2060e in ip_try_dissect /builds/wireshark/wireshark/epan/dissectors/packet-ip.c:1822:7
#24 0x7efecad259e5 in dissect_ip_v4 /builds/wireshark/wireshark/epan/dissectors/packet-ip.c:2328:10
#25 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
#26 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
#27 0x7efecd1bed73 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1526:8
#28 0x7efecd1bf7f2 in dissector_try_uint /builds/wireshark/wireshark/epan/packet.c:1550:9
#29 0x7efeca8d6ac3 in dissect_ethertype /builds/wireshark/wireshark/epan/dissectors/packet-ethertype.c:296:21
#30 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
#31 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
#32 0x7efecd1c70a0 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3403:8
#33 0x7efecd1bb804 in call_dissector_with_data /builds/wireshark/wireshark/epan/packet.c:3416:8
#34 0x7efeca8d3703 in dissect_eth_common /builds/wireshark/wireshark/epan/dissectors/packet-eth.c:596:5
#35 0x7efeca8d2257 in dissect_eth /builds/wireshark/wireshark/epan/dissectors/packet-eth.c:902:5
#36 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
#37 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
#38 0x7efecd1c70a0 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3403:8
#39 0x7efeca975249 in dissect_frame /builds/wireshark/wireshark/epan/dissectors/packet-frame.c:1018:6
#40 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
#41 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
#42 0x7efecd1c70a0 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3403:8
#43 0x7efecd1bb804 in call_dissector_with_data /builds/wireshark/wireshark/epan/packet.c:3416:8
#44 0x7efecd1bafea in dissect_record /builds/wireshark/wireshark/epan/packet.c:626:3
#45 0x7efecd18dc18 in epan_dissect_run_with_taps /builds/wireshark/wireshark/epan/epan.c:638:2
#46 0x55b271487615 in process_packet_second_pass /builds/wireshark/wireshark/tshark.c:3273:9
#47 0x55b271485699 in process_cap_file_second_pass /builds/wireshark/wireshark/tshark.c:3417:13
#48 0x55b27147fc79 in process_cap_file /builds/wireshark/wireshark/tshark.c:3721:34
#49 0x55b271479418 in main /builds/wireshark/wireshark/tshark.c:2252:22
#50 0x7efec210ad8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
#51 0x7efec210ae3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
#52 0x55b27139c6c4 in _start (/builds/wireshark/wireshark/_install/bin/tshark+0x4d6c4) (BuildId: 31a56ee39b1468ac12e53d09938420b6de663800)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x19d97d) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
==65913==ABORTING
fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.
no debug trace