https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836
Summary: possibly exploitable crash
Product: Wireshark
Version: 1.4.4
Platform: x86-64
OS/Version: Gentoo
Status: NEW
Severity: Normal
Priority: Low
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: sczimmer@xxxxxxxxx
Build Information:
wireshark 1.4.4
Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 2.20.1, with GLib 2.26.1, with libpcap 1.1.1, with
libz 1.2.5, with POSIX capabilities (Linux), with libpcre (version unknown),
without SMI, without c-ares, without ADNS, without Lua, with Python, with
GnuTLS
2.10.4, without Gcrypt, without Kerberos, without GeoIP, without PortAudio,
without AirPcap.
Running on Linux 2.6.36-gentoo-r5, with libpcap version 1.1.1, with libz 1.2.5,
GnuTLS 2.10.5.
Built using gcc 4.4.5.
--
on packet-dect.c line 1889:
memcpy((char*)(&(pkt_bfield.Data)), (char*)(pkt_ptr+8), pkt_len-5-8);
it copies packet data into a 128 byte buffer on the stack
to generate a pcap file that triggers the crash:
in scapy:
wrpcap("test.pcap",Ether(type=0x2323)/("A"*1000))
the attached pcap file was generated that way
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.