| Bug ID |
12594
|
| Summary |
Infinite loop in add_headers() in packet_wsp.c
|
| Product |
Wireshark
|
| Version |
2.0.4
|
| Hardware |
x86-64
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Major
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 14708 [details]
Sample generated with AFL
Build Information:
TShark (Wireshark) 2.0.4
Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with libz 1.2.8, with GLib 2.48.1, without SMI, with c-ares 1.11.0, with Lua
5.2, with GnuTLS 3.4.13, with Gcrypt 1.7.1, with MIT Kerberos, with GeoIP.
Running on Linux 4.6.3-1-ARCH, with locale en_US.utf8, with libpcap version
1.7.4, with libz 1.2.8, with GnuTLS 3.4.13, with Gcrypt 1.7.1.
Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz (with SSE4.2)
Built using gcc 6.1.1 20160602.
--
This issue was uncovered with AFL (http://lcamtuf.coredump.cx/afl/)
This infinite loop is caused by an offset of 0 being returned by
wkh_content_disposition(). This offset of 0 prevents the while loop using
"offset < tvb_len" from returning and results in an infinite loop.
This issue has been observed in both tshark 1.12.x and 2.0.x.
Credit goes to Chris Benedict, Aurelien Delaitre, NIST SAMATE Project,
https://samate.nist.gov
You are receiving this mail because:
- You are watching all bug changes.