Wireshark-bugs: [Wireshark-bugs] [Bug 11037] New: Infinite loop DoS in ForCES dissector

Date: Sat, 07 Mar 2015 22:18:36 +0000
Bug ID 11037
Summary Infinite loop DoS in ForCES dissector
Product Wireshark
Version 1.12.3
Hardware x86
OS Mac OS X 10.9
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Hello, I found an infinite loop condition using Fabian Yamaguchi's tool joern.
There is an infinite loop condition in dissect_redirecttlv() in
epan/dissectors/packet-foces.c. On 32-bit platforms, it's possible for an
attacker to set the the variable 'length_ilv' to -8, causing the loop to never
terminate. Unfortunately, I couldn't find a ForCES capture sample to synthesize
an example packet capture from.


You are receiving this mail because:
  • You are watching all bug changes.