Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8335] New: crash in mount dissector with malicious packet

Wireshark-bugs: [Wireshark-bugs] [Bug 8335] New: crash in mount dissector with malicious packet

Date: Fri, 15 Feb 2013 12:11:59 +0000

Bug ID	8335
Summary	crash in mount dissector with malicious packet
Classification	Unclassified
Product	Wireshark
Version	SVN
Hardware	x86
OS	All
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 10014 [details]
pcap of malicious mount packet

Build Information:

--
If the nfs_file_name_snooping option is enabled (it is disabled by default),
then a malicious packet can cause g_malloc to fail in
dissect_mount_dirpath_call by passing a negative length value. The sanity check
there fails because len is declared as a signed int.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 8335] crash in mount dissector with malicious packet
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8335] crash in mount dissector with malicious packet
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8335] crash in mount dissector with malicious packet
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8335] crash in mount dissector with malicious packet
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 8334] New: [BACnet] NPDU DLEN of 7 is shown to be invalid
Next by Date: [Wireshark-bugs] [Bug 8335] crash in mount dissector with malicious packet
Previous by thread: [Wireshark-bugs] [Bug 8334] [BACnet] NPDU DLEN of 7 is shown to be invalid
Next by thread: [Wireshark-bugs] [Bug 8335] crash in mount dissector with malicious packet
Index(es):
- Date
- Thread