Wireshark - erf_meta_read_tag SIGSEGV

EDB-ID:

39877

CVE:

N/A

EDB Verified:

Author:

Google Security Research

Type:

dos

Exploit:   /  

Platform:

Multiple

Date:

2016-06-01

Vulnerable App: 
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=803

The following SIGSEGV crash due to an invalid memory read can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark ("$ ./tshark -nVxr /path/to/file"):

--- cut ---
==28415==ERROR: AddressSanitizer: SEGV on unknown address 0x61b000022d84 (pc 0x7f0e1b0002a2 bp 0x7ffde25a76f0 sp 0x7ffde25a7630 T0)
    #0 0x7f0e1b0002a1 in erf_meta_read_tag wireshark/wiretap/erf.c:1242:13
    #1 0x7f0e1afff0f0 in populate_summary_info wireshark/wiretap/erf.c:1851:27
    #2 0x7f0e1aff34d6 in erf_read wireshark/wiretap/erf.c:447:7
    #3 0x7f0e1b1a746b in wtap_read wireshark/wiretap/wtap.c:1245:7
    #4 0x528196 in load_cap_file wireshark/tshark.c:3478:12
    #5 0x51e67c in main wireshark/tshark.c:2192:13

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV wireshark/wiretap/erf.c:1242:13 in erf_meta_read_tag
==28415==ABORTING
--- cut ---

The crash was reported at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12352. Attached are three files which trigger the crash.


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39877.zip
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services