| Bug ID |
11037
|
| Summary |
Infinite loop DoS in ForCES dissector
|
| Product |
Wireshark
|
| Version |
1.12.3
|
| Hardware |
x86
|
| OS |
Mac OS X 10.9
|
| Status |
UNCONFIRMED
|
| Severity |
Normal
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Hello, I found an infinite loop condition using Fabian Yamaguchi's tool joern.
There is an infinite loop condition in dissect_redirecttlv() in
epan/dissectors/packet-foces.c. On 32-bit platforms, it's possible for an
attacker to set the the variable 'length_ilv' to -8, causing the loop to never
terminate. Unfortunately, I couldn't find a ForCES capture sample to synthesize
an example packet capture from.
You are receiving this mail because:
- You are watching all bug changes.