http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1998
Summary: Missing bounds check in packet-portmap.c can cause segv
Product: Wireshark
Version: 0.99.6
Platform: All
OS/Version: Linux
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: wireshark-bugs@xxxxxxxxxxxxx
Build Information:
wireshark 0.99.6
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.4.13, with GLib 2.4.7, with libpcap 0.8.3, with libz
1.2.1.2, without libpcre, without Net-SNMP, without ADNS, without Lua, without
GnuTLS, with Gcrypt 1.2.0, with MIT Kerberos, without PortAudio, without
AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on Linux 2.6.9-42.0.3.ELsmp, with libpcap version 0.8.3.
Built using gcc 3.4.6 20060404 (Red Hat 3.4.6-8).
--
In packet-portmap.c, dissect_rpc_indir_reply() is called, which can end up
going recursive. Since the offset is not checked against the tvb_length, it is
possible to exhaust the stack and crash.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.