
Issue metadata

Status: WontFix
Owner: ----
Closed: Apr 2017
Cc:
Type: Bug-Security




Issue 1153: wireshark: Heap-buffer-overflow in bootp_option

Reported by ClusterFuzz-External, Apr 17 2017 Project Member

Issue description

Detailed report: https://oss-fuzz.com/testcase?key=4781424697671680

Project: wireshark
Fuzzer: afl_wireshark_fuzzshark_dissector_ip
Fuzz target binary: fuzzshark_dissector_ip
Job Type: afl_asan_wireshark
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x617000000329
Crash State:
  bootp_option
  dissect_bootp
  call_dissector_through_handle
  
Sanitizer: address (ASAN)

Regressed: https://oss-fuzz.com/revisions?job=afl_asan_wireshark&range=201704161622:201704171620

Reproducer Testcase: https://oss-fuzz.com/download/AMIfv97M4DsZIDHZJPCrRUdoDUNA6dKl68c3lVdB3gJ0zuPNF90RYIPuJ4NUyL0UE9MmnK8PIklijbI1zKth_IIs1XPlbfBsTr8w535q6x3CCdqanPGIJUh6M-47kN6x6loCVf1U9ICkfTKGZRBIiL_pk_XwgsLaaKUNR49Jud8GBUyIU0R3dcYdgDjuyAk_6ZOAL_oFe1oXI_1yLjy54kUhz5bpqfGvqC18f-kd2dEjxbr9u1CnhmBDwZvMYJhykvz_iQ4iJHSqGfJMK1Bt_DFfVS5HTJHRDXIL0Zy1pGbOJz_C080iDB7egWxjRDe-DRgc_h-SRORlYQaSfhDeusZ3jo5TsFH-I1WVUY14faGfjl0pWjxCh5wC9H3kPHGJm6pwV-KX5OzBjrnc3IWMCxi9vcgxyxcAAhA6E_65jQsxjdpCYdy0QNg?testcase_id=4781424697671680


Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
 

Comment 1 by ClusterFuzz-External, Apr 17 2017

Project Member
Labels: OS-Linux

Comment 2 by ClusterFuzz-External, Apr 20 2017

Project Member
ClusterFuzz has detected this issue as fixed in range 201704181620:201704191700.

Detailed report: https://oss-fuzz.com/testcase?key=4781424697671680

Project: wireshark
Fuzzer: afl_wireshark_fuzzshark_dissector_ip
Fuzz target binary: fuzzshark_dissector_ip
Job Type: afl_asan_wireshark
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6140000005cb
Crash State:
  bootp_option
  dissect_bootp
  call_dissector_through_handle
  
Sanitizer: address (ASAN)

Regressed: https://oss-fuzz.com/revisions?job=afl_asan_wireshark&range=201704161622:201704171620
Fixed: https://oss-fuzz.com/revisions?job=afl_asan_wireshark&range=201704181620:201704191700

Reproducer Testcase: https://oss-fuzz.com/download/AMIfv97XoeEblUNlOIbUGJ3Buvdamvwfdhhpn0R4CvCQwGd6hHID903SL4VNPPcioMGK-lZwyfdZWoz50gfJQwyIg2B4b-9yqMitRSEfXlywU_o_4EVByBM32VW0aCqv4Ig24YigKMxyaDWmpwU8u9KJ0R_u8yBNXxqRMN8TxgYxLVnvnoCJ236xcTmr0bHgdfNw2fpbiViXkB8Ho0QcL4IJH0qyOA2_KveNOBBZGfC0C3cn7Eh9WN6mMAEecWUwh5kiIyaF91hTuAWKPODQ-8u_n1xCHWpNeAbnTWgwe8RgWk9YCpflD0wYehkeMY5ONnvOrbVnfx3CVQJkmHKPj5P7NrcXPKsNF-nAvpcn8g6ayqo2P1nzES04vAmq96DScKBeUpCsEeACjSsBYYY81wtzBYONfxQDBwCGXAAF2oqyr212ljz-0GE?testcase_id=4781424697671680


See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 3 by ClusterFuzz-External, Apr 20 2017

Project Member
Labels: ClusterFuzz-Verified
Status: Verified (was: New)
ClusterFuzz testcase 4781424697671680 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 4 by aarya@google.com, Apr 20 2017

Project Member
Status: WontFix (was: Verified)
The fuzz targets were renamed in https://github.com/google/oss-fuzz/commit/1829a50342bd076424294941973d4502a11d4702, so ClusterFuzz has no way of verifying these and hence marks them fixed. It should file new bugs with the new fuzz target names.

Comment 5 by peter@lekensteyn.nl, May 6 2017

Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13609

Current status: RESOLVED FIXED

Comment 6 by sheriffbot@chromium.org, May 20 2017

Project Member
Labels: -restrict-view-commit
This bug has been fixed for 30 days. It has been opened to the public.

- Your friendly Sheriffbot
