New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 2 users

Issue metadata

Status: Verified
Owner: ----
Closed: Apr 2017
Cc:
Type: Bug-Security



Sign in to add a comment
link

Issue 1183: wireshark: Heap-buffer-overflow in bootp_option

Reported by ClusterFuzz-External, Apr 19 2017 Project Member

Issue description

Detailed report: https://oss-fuzz.com/testcase?key=6216983760601088

Project: wireshark
Fuzzer: libFuzzer_wireshark_fuzzshark_udp_port-bootp
Fuzz target binary: fuzzshark_udp_port-bootp
Job Type: libfuzzer_asan_wireshark
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6130000006e4
Crash State:
  bootp_option
  bootp_option
  dissect_bootp
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_wireshark&range=201704181620:201704191700

Reproducer Testcase: https://oss-fuzz.com/download/AMIfv97KNaxgDs1gXxOILQzemmRwoJ6gxTeo2b7jUMcCm8P5xvqXFKCYbQBokoi2af6y-ZKnqpva2yfU6ZHWAmMFGMa7OUOg8ev_zFqGosinDhzihosk_uDue3XvYUwcEvNhaBwTUzgaUnyq9Ebe1lFMVbYt1NIAuOyVOSJSKOHMAntQNDgGyvlk_s3qmxgXrQefJ33lGqQaBP2Laab_bqQXqX9vuY9U6UPgSlCBcHygxnPjuutR5tbgdYM2lQdL-B99XkEzSvWqti5tC3pwYnegtYqUC-4DcAJnDICKfQpivkaeQPFpt7KBtHHGeewaGeuP31DwYOAJvkr3ig7i3VUMW4Yqd10p7IoZB64raGMHkHbfxHNgBl1jHYoV6Bq1i1PCXi_MmHw1npC9f1ki4WCw8hwwHU46KzCEm8rnk0BK-pRCLFRk3ME?testcase_id=6216983760601088


Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
 

Comment 1 by ClusterFuzz-External, Apr 19 2017

Project Member
Labels: OS-Linux

Comment 2 by ClusterFuzz-External, Apr 26 2017

Project Member
ClusterFuzz has detected this issue as fixed in range 201704231645:201704251645.

Detailed report: https://oss-fuzz.com/testcase?key=6216983760601088

Project: wireshark
Fuzzer: libFuzzer_wireshark_fuzzshark_udp_port-bootp
Fuzz target binary: fuzzshark_udp_port-bootp
Job Type: libfuzzer_asan_wireshark
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6130000006e4
Crash State:
  bootp_option
  bootp_option
  dissect_bootp
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_wireshark&range=201704181620:201704191700
Fixed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_wireshark&range=201704231645:201704251645

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=6216983760601088


See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 3 by ClusterFuzz-External, Apr 26 2017

Project Member
Labels: ClusterFuzz-Verified
Status: Verified (was: New)
ClusterFuzz testcase 6216983760601088 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 5 by sheriffbot@chromium.org, May 26 2017

Project Member
Labels: -restrict-view-commit
This bug has been fixed for 30 days. It has been opened to the public.

- Your friendly Sheriffbot

Sign in to add a comment