Bug ID |
11036
|
Summary |
Infinite loop DoS in LBMR dissector
|
Product |
Wireshark
|
Version |
1.12.3
|
Hardware |
x86
|
OS |
Mac OS X 10.9
|
Status |
UNCONFIRMED
|
Severity |
Normal
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
[email protected]
|
Reporter |
[email protected]
|
Build Information:
Version 1.99.2 (v1.99.2-0-gb2db3bf from master)
--
Hello, I found an infinite loop condition using Fabian Yamaguchi's tool joern.
There is an infinite loop condition in dissect_lbmr_pser() in
epan/dissectors/packet-lbmr.c. It's possible for an attacker to set the the
variable 'option_len' to 0, causing the loop to never terminate. Unfortunately,
I couldn't find an LBMR sample to synthesize an example packet capture from.
You are receiving this mail because:
- You are watching all bug changes.