Wireshark-bugs: [Wireshark-bugs] [Bug 5836] New: possibly exploitable crash

Date: Sun, 17 Apr 2011 01:19:01 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836

           Summary: possibly exploitable crash
           Product: Wireshark
           Version: 1.4.4
          Platform: x86-64
        OS/Version: Gentoo
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: sczimmer@xxxxxxxxx


Build Information:
wireshark 1.4.4

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.20.1, with GLib 2.26.1, with libpcap 1.1.1, with
libz 1.2.5, with POSIX capabilities (Linux), with libpcre (version unknown),
without SMI, without c-ares, without ADNS, without Lua, with Python, with
GnuTLS
2.10.4, without Gcrypt, without Kerberos, without GeoIP, without PortAudio,
without AirPcap.

Running on Linux 2.6.36-gentoo-r5, with libpcap version 1.1.1, with libz 1.2.5,
GnuTLS 2.10.5.

Built using gcc 4.4.5.

--
on packet-dect.c line 1889:
    memcpy((char*)(&(pkt_bfield.Data)), (char*)(pkt_ptr+8), pkt_len-5-8);

it copies packet data into a 128 byte buffer on the stack

to generate a pcap file that triggers the crash:
in scapy:
wrpcap("test.pcap",Ether(type=0x2323)/("A"*1000))

the attached pcap file was generated that way

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.