Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8197] New: PER dissector crash

Wireshark-bugs: [Wireshark-bugs] [Bug 8197] New: PER dissector crash
Date: Sat, 12 Jan 2013 13:10:23 +0000
Bug ID	8197
Summary	PER dissector crash
Classification	Unclassified
Product	Wireshark
Version	1.8.4
Hardware	x86-64
OS	Linux (other)
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	TShark
Assignee	bugzilla-admin@wireshark.org
Reporter	laurentb@gmail.com
Created attachment 9801 [details]
Capture that crashes

Build Information:
1.8.4
--
--
Hi,

Here is a PCAP file triggering an that could enable (at least) a remote
party to trigger a denial of service.

This file was generated thanks to a fuzz testing campaign.

Laurent Butti.

--
Program received signal SIGSEGV, Segmentation fault.
sl_alloc (mem_chunk=0x7ffff6d474e0) at
/usr/include/x86_64-linux-gnu/bits/string3.h:52
52    return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
(gdb) bt
#0  sl_alloc (mem_chunk=0x7ffff6d474e0) at
/usr/include/x86_64-linux-gnu/bits/string3.h:52
#1  0x00007ffff5188d88 in proto_tree_set_representation (pi=<optimized out>,
format=0x7ffff5ddc0af "Item %d", ap=0x7fffffffb9e8) at proto.c:3651
#2  0x00007ffff518c09a in proto_tree_add_text (tree=<optimized out>,
tvb=<optimized out>, start=<optimized out>, length=<optimized out>, 
    format=<optimized out>) at proto.c:1031
#3  0x00007ffff560b91d in dissect_per_sequence_of_helper (tvb=0x1602ea0,
offset=1216, actx=0x7fffffffbf70, tree=0x7ffff7ee3440, 
    func=0x7ffff5b49b80 <dissect_t124_UserId>, hf_index=87963, length=8965) at
packet-per.c:484
#4  0x00007ffff560c7a9 in dissect_per_sequence_of (tvb=0x1602ea0, offset=1184,
actx=0x7fffffffbf70, parent_tree=0x7ffff7ee2900, hf_index=<optimized out>, 
    ett_index=28584, seq=0x7ffff6cda210) at packet-per.c:518
#5  0x00007ffff5b4977b in dissect_t124_SET_OF_UserId (tvb=<optimized out>,
offset=<optimized out>, actx=<optimized out>, tree=<optimized out>, 
    hf_index=<optimized out>) at ../../asn1/t124/t124.cnf:417
#6  0x00007ffff560f413 in dissect_per_sequence (tvb=0x1602ea0, offset=1168,
actx=0x7fffffffbf70, parent_tree=<optimized out>, hf_index=<optimized out>, 
    ett_index=<optimized out>, sequence=0x7ffff6cdad40) at packet-per.c:1813
#7  0x00007ffff5b48beb in dissect_t124_T_private (tvb=<optimized out>,
offset=<optimized out>, actx=<optimized out>, tree=<optimized out>, 
    hf_index=<optimized out>) at ../../asn1/t124/t124.cnf:434
#8  0x00007ffff560f0ca in dissect_per_choice (tvb=0x1602ea0, offset=1130,
actx=0x7fffffffbf70, tree=<optimized out>, hf_index=87967, ett_index=28580, 
    choice=0x7ffff6cdac60, value=0x0) at packet-per.c:1665
#9  0x00007ffff5b48fd4 in dissect_t124_ChannelAttributes (tvb=<optimized out>,
offset=<optimized out>, actx=<optimized out>, tree=<optimized out>, 
    hf_index=<optimized out>) at ../../asn1/t124/t124.cnf:473
#10 0x00007ffff560b943 in dissect_per_sequence_of_helper (tvb=0x1602ea0,
offset=1128, actx=0x7fffffffbf70, tree=0x7ffff7fef2d0, 
    func=0x7ffff5b48fb0 <dissect_t124_ChannelAttributes>, hf_index=87967,
length=105) at packet-per.c:487
#11 0x00007ffff560c7a9 in dissect_per_sequence_of (tvb=0x1602ea0, offset=16,
actx=0x7fffffffbf70, parent_tree=0x7ffff7fde930, hf_index=<optimized out>, 
    ett_index=28587, seq=0x7ffff6cdac30) at packet-per.c:518
#12 0x00007ffff5b497fb in dissect_t124_SET_OF_ChannelAttributes (tvb=<optimized
out>, offset=<optimized out>, actx=<optimized out>, tree=<optimized out>, 
    hf_index=<optimized out>) at ../../asn1/t124/t124.cnf:487
#13 0x00007ffff560f413 in dissect_per_sequence (tvb=0x1602ea0, offset=6,
actx=0x7fffffffbf70, parent_tree=<optimized out>, hf_index=<optimized out>, 
    ett_index=<optimized out>, sequence=0x7ffff6cdabe0) at packet-per.c:1813
#14 0x00007ffff5b48bab in dissect_t124_MergeChannelsConfirm (tvb=<optimized
out>, offset=<optimized out>, actx=<optimized out>, tree=<optimized out>, 
    hf_index=<optimized out>) at ../../asn1/t124/t124.cnf:530
#15 0x00007ffff560f0ca in dissect_per_choice (tvb=0x1602ea0, offset=6,
actx=0x7fffffffbf70, tree=<optimized out>, hf_index=87825, ett_index=28637, 
    choice=0x7ffff6cd9140, value=0x7fffffffc03c) at packet-per.c:1665
#16 0x00007ffff5b49f2e in dissect_t124_DomainMCSPDU (hf_index=<optimized out>,
tree=0x7ffff7ee3da0, actx=0x7fffffffbf70, offset=0, tvb=0x1602ea0)
    at ../../asn1/t124/t124.cnf:196
#17 dissect_DomainMCSPDU_PDU (tvb=0x1602ea0, pinfo=<optimized out>,
tree=0x7ffff7ee3da0) at ../../asn1/t124/packet-t124-template.c:117
#18 0x00007ffff5b4a146 in dissect_t125 (tvb=0x1602ea0, pinfo=0x7fffffffd530,
parent_tree=<optimized out>) at ../../asn1/t125/packet-t125-template.c:85
#19 0x00007ffff5b4a273 in dissect_t125_heur (tvb=0x1602ea0,
pinfo=0x7fffffffd530, parent_tree=0x7ffff7fef000) at
../../asn1/t125/packet-t125-template.c:113
#20 0x00007ffff517ee4c in dissector_try_heuristic (sub_dissectors=<optimized
out>, tvb=0x1602ea0, pinfo=0x7fffffffd530, tree=0x7ffff7fef000) at
packet.c:1781
#21 0x00007ffff55f581e in ositp_decode_DT (subdissector_found=<synthetic
pointer>, uses_inactive_subset=0, tree=0x7ffff7fef000, pinfo=0x7fffffffd530, 
    tpdu=15 '\017', li=<optimized out>, offset=3, tvb=0x15ff180) at
packet-ositp.c:988
#22 dissect_ositp_internal (tvb=0x15ff180, pinfo=0x7fffffffd530,
tree=0x7ffff7fef000, uses_inactive_subset=0) at packet-ositp.c:1669
#23 0x00007ffff517d1bb in call_dissector_through_handle (handle=0x773e30,
tvb=0x15ff180, pinfo=0x7fffffffd530, tree=0x7ffff7fef000) at packet.c:429
#24 0x00007ffff517d865 in call_dissector_work (handle=0x773e30, tvb=0x15ff180,
pinfo_arg=0x7fffffffd530, tree=0x7ffff7fef000, add_proto_name=1)
    at packet.c:524
#25 0x00007ffff517f5a1 in call_dissector (handle=<optimized out>,
tvb=0x15ff180, pinfo=0x7fffffffd530, tree=0x7ffff7fef000) at packet.c:2050
#26 0x00007ffff578773c in dissect_tpkt_encap (tvb=0x160b460,
pinfo=0x7fffffffd530, tree=0x7ffff7fef000, desegment=1,
subdissector_handle=0x773e30)
    at packet-tpkt.c:555
#27 0x00007ffff517d180 in call_dissector_through_handle (handle=0x103fab0,
tvb=0x160b460, pinfo=0x7fffffffd530, tree=0x7ffff7fef000) at packet.c:433
#28 0x00007ffff517d865 in call_dissector_work (handle=0x103fab0, tvb=0x160b460,
pinfo_arg=0x7fffffffd530, tree=0x7ffff7fef000, add_proto_name=1)
    at packet.c:524
#29 0x00007ffff517e08e in dissector_try_uint_new (sub_dissectors=<optimized
out>, uint_val=102, tvb=0x160b460, pinfo=0x7fffffffd530, tree=0x7ffff7fef000, 
    add_proto_name=1) at packet.c:943
#30 0x00007ffff5767452 in decode_tcp_ports (tvb=<optimized out>,
offset=<optimized out>, pinfo=0x7fffffffd530, tree=0x7ffff7fef000,
src_port=102, 
    dst_port=59806, tcpd=0x7fffecfcda90) at packet-tcp.c:3874
#31 0x00007ffff576788e in process_tcp_payload (tvb=0x15ff580, offset=32,
pinfo=0x7fffffffd530, tree=0x7ffff7fef000, tcp_tree=0x7ffff7ee2420,
src_port=102, 
    dst_port=59806, seq=0, nxtseq=0, is_tcp_segment=0, tcpd=0x7fffecfcda90) at
packet-tcp.c:3933
#32 0x00007ffff5767e31 in desegment_tcp (tcpd=0x7fffecfcda90,
tcp_tree=0x7ffff7ee2420, tree=0x7ffff7fef000, dport=59806, sport=102,
nxtseq=2773418301, 
    seq=2773417985, offset=32, pinfo=0x7fffffffd530, tvb=0x15ff580) at
packet-tcp.c:1799
#33 dissect_tcp_payload (tvb=0x15ff580, pinfo=0x7fffffffd530, offset=<optimized
out>, seq=<optimized out>, nxtseq=2773418301, sport=102, dport=59806, 
---Type <return> to continue, or q <return> to quit---
    tree=0x7ffff7fef000, tcp_tree=0x7ffff7ee2420, tcpd=0x7fffecfcda90) at
packet-tcp.c:4000
#34 0x00007ffff576927f in dissect_tcp (tvb=<optimized out>,
pinfo=0x7fffffffd530, tree=0x7ffff7fef000) at packet-tcp.c:4748
#35 0x00007ffff517d180 in call_dissector_through_handle (handle=0x100eab0,
tvb=0x15ff580, pinfo=0x7fffffffd530, tree=0x7ffff7fef000) at packet.c:433
#36 0x00007ffff517d865 in call_dissector_work (handle=0x100eab0, tvb=0x15ff580,
pinfo_arg=0x7fffffffd530, tree=0x7ffff7fef000, add_proto_name=1)
    at packet.c:524
#37 0x00007ffff517e08e in dissector_try_uint_new (sub_dissectors=<optimized
out>, uint_val=6, tvb=0x15ff580, pinfo=0x7fffffffd530, tree=0x7ffff7fef000, 
    add_proto_name=1) at packet.c:943
#38 0x00007ffff54bfe6b in dissect_ip (tvb=0x15fdaa0, pinfo=<optimized out>,
parent_tree=0x7ffff7fef000) at packet-ip.c:2396
#39 0x00007ffff517d180 in call_dissector_through_handle (handle=0xb99b30,
tvb=0x15fdaa0, pinfo=0x7fffffffd530, tree=0x7ffff7fef000) at packet.c:433
#40 0x00007ffff517d865 in call_dissector_work (handle=0xb99b30, tvb=0x15fdaa0,
pinfo_arg=0x7fffffffd530, tree=0x7ffff7fef000, add_proto_name=1)
    at packet.c:524
#41 0x00007ffff517e08e in dissector_try_uint_new (sub_dissectors=<optimized
out>, uint_val=2048, tvb=0x15fdaa0, pinfo=0x7fffffffd530, tree=0x7ffff7fef000, 
    add_proto_name=1) at packet.c:943
#42 0x00007ffff53adffa in ethertype (etype=2048, tvb=0x160b6a0,
offset_after_etype=14, pinfo=0x7fffffffd530, tree=0x7ffff7fef000,
fh_tree=0x7ffff7ed5120, 
    etype_id=21641, trailer_id=21645, fcs_len=-1) at packet-ethertype.c:270
#43 0x00007ffff53acabc in dissect_eth_common (tvb=0x160b6a0,
pinfo=0x7fffffffd530, parent_tree=0x7ffff7fef000, fcs_len=-1) at
packet-eth.c:403
#44 0x00007ffff517d180 in call_dissector_through_handle (handle=0x9e2820,
tvb=0x160b6a0, pinfo=0x7fffffffd530, tree=0x7ffff7fef000) at packet.c:433
#45 0x00007ffff517d865 in call_dissector_work (handle=0x9e2820, tvb=0x160b6a0,
pinfo_arg=0x7fffffffd530, tree=0x7ffff7fef000, add_proto_name=1)
    at packet.c:524
#46 0x00007ffff517e08e in dissector_try_uint_new (sub_dissectors=<optimized
out>, uint_val=1, tvb=0x160b6a0, pinfo=0x7fffffffd530, tree=0x7ffff7fef000, 
    add_proto_name=1) at packet.c:943
#47 0x00007ffff53dfc1b in dissect_frame (tvb=0x160b6a0, pinfo=0x7fffffffd530,
parent_tree=0x7ffff7fef000) at packet-frame.c:383
#48 0x00007ffff517d180 in call_dissector_through_handle (handle=0xa2a740,
tvb=0x160b6a0, pinfo=0x7fffffffd530, tree=0x7ffff7fef000) at packet.c:433
#49 0x00007ffff517d865 in call_dissector_work (handle=0xa2a740, tvb=0x160b6a0,
pinfo_arg=0x7fffffffd530, tree=0x7ffff7fef000, add_proto_name=1)
    at packet.c:524
#50 0x00007ffff517f5a1 in call_dissector (handle=<optimized out>,
tvb=0x160b6a0, pinfo=0x7fffffffd530, tree=0x7ffff7fef000) at packet.c:2050
#51 0x00007ffff517f9b4 in dissect_packet (edt=0x7fffffffd520,
pseudo_header=0x0, pd=0x15d43a0 "", fd=0x7fffffffd6c0, cinfo=0x0) at
packet.c:364
#52 0x000000000041ad8b in process_packet (cf=0x6449e0, offset=<optimized out>,
whdr=<optimized out>, pseudo_header=0x15cf328, pd=0x15d43a0 "", 
    filtering_tap_listeners=<optimized out>, tap_flags=4) at tshark.c:3106
#53 0x000000000040dc5f in load_cap_file (max_byte_count=0,
max_packet_count=-1273, out_file_name_res=0, out_file_type=2, save_file=0x0,
cf=<optimized out>)
    at tshark.c:2899
#54 main (argc=<optimized out>, argv=<optimized out>) at tshark.c:1791

(gdb) exploitable -v
'exploitable' version 1.04
Linux nitro 3.2.0-30-generic #48-Ubuntu SMP Fri Aug 24 16:52:48 UTC 2012 x86_64
Signal si_signo: 11 Signal si_addr: 0x0
Nearby code:
   0x00007ffff51738b0 <+0>: push   rbx
   0x00007ffff51738b1 <+1>: mov    rax,QWORD PTR [rdi+0x10]
   0x00007ffff51738b5 <+5>: mov    rbx,rdi
   0x00007ffff51738b8 <+8>: test   rax,rax
   0x00007ffff51738bb <+11>:    je     0x7ffff51738d0 <sl_alloc+32>
=> 0x00007ffff51738bd <+13>:    mov    rdx,QWORD PTR [rax]
   0x00007ffff51738c0 <+16>:    mov    QWORD PTR [rdi+0x10],rdx
   0x00007ffff51738c4 <+20>:    pop    rbx
   0x00007ffff51738c5 <+21>:    ret    
   0x00007ffff51738c6 <+22>:    nop    WORD PTR cs:[rax+rax*1+0x0]
Stack trace:
#  0 sl_alloc at 0x7ffff51738bd in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
#  1 proto_tree_set_representation at 0x7ffff5188d88 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
#  2 proto_tree_add_text at 0x7ffff518c09a in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
#  3 dissect_per_sequence_of_helper at 0x7ffff560b91d in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
#  4 dissect_per_sequence_of at 0x7ffff560c7a9 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
#  5 dissect_t124_SET_OF_UserId at 0x7ffff5b4977b in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
#  6 dissect_per_sequence at 0x7ffff560f413 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
#  7 dissect_t124_T_private at 0x7ffff5b48beb in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
#  8 dissect_per_choice at 0x7ffff560f0ca in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
#  9 dissect_t124_ChannelAttributes at 0x7ffff5b48fd4 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 10 dissect_per_sequence_of_helper at 0x7ffff560b943 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 11 dissect_per_sequence_of at 0x7ffff560c7a9 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 12 dissect_t124_SET_OF_ChannelAttributes at 0x7ffff5b497fb in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 13 dissect_per_sequence at 0x7ffff560f413 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 14 dissect_t124_MergeChannelsConfirm at 0x7ffff5b48bab in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 15 dissect_per_choice at 0x7ffff560f0ca in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 16 dissect_t124_DomainMCSPDU at 0x7ffff5b49f2e in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 17 dissect_DomainMCSPDU_PDU at 0x7ffff5b49f2e in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 18 dissect_t125 at 0x7ffff5b4a146 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 19 dissect_t125_heur at 0x7ffff5b4a273 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 20 dissector_try_heuristic at 0x7ffff517ee4c in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 21 ositp_decode_DT at 0x7ffff55f581e in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 22 dissect_ositp_internal at 0x7ffff55f581e in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 23 call_dissector_through_handle at 0x7ffff517d1bb in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 24 call_dissector_work at 0x7ffff517d865 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 25 call_dissector at 0x7ffff517f5a1 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 26 dissect_tpkt_encap at 0x7ffff578773c in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 27 call_dissector_through_handle at 0x7ffff517d180 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 28 call_dissector_work at 0x7ffff517d865 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 29 dissector_try_uint_new at 0x7ffff517e08e in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 30 decode_tcp_ports at 0x7ffff5767452 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 31 process_tcp_payload at 0x7ffff576788e in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 32 desegment_tcp at 0x7ffff5767e31 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 33 dissect_tcp_payload at 0x7ffff5767e31 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 34 dissect_tcp at 0x7ffff576927f in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 35 call_dissector_through_handle at 0x7ffff517d180 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 36 call_dissector_work at 0x7ffff517d865 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 37 dissector_try_uint_new at 0x7ffff517e08e in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 38 dissect_ip at 0x7ffff54bfe6b in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 39 call_dissector_through_handle at 0x7ffff517d180 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 40 call_dissector_work at 0x7ffff517d865 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 41 dissector_try_uint_new at 0x7ffff517e08e in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
---Type <return> to continue, or q <return> to quit---
# 42 ethertype at 0x7ffff53adffa in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 43 dissect_eth_common at 0x7ffff53acabc in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 44 call_dissector_through_handle at 0x7ffff517d180 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 45 call_dissector_work at 0x7ffff517d865 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 46 dissector_try_uint_new at 0x7ffff517e08e in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 47 dissect_frame at 0x7ffff53dfc1b in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 48 call_dissector_through_handle at 0x7ffff517d180 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 49 call_dissector_work at 0x7ffff517d865 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 50 call_dissector at 0x7ffff517f5a1 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 51 dissect_packet at 0x7ffff517f9b4 in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
# 52 process_packet at 0x41ad8b in
/home/laurent/fuzzing/bin/wireshark-1.8.4/bin/tshark
# 53 load_cap_file at 0x40dc5f in
/home/laurent/fuzzing/bin/wireshark-1.8.4/bin/tshark
# 54 main at 0x40dc5f in /home/laurent/fuzzing/bin/wireshark-1.8.4/bin/tshark
Faulting frame: #  0 sl_alloc at 0x7ffff51738bd in
/home/laurent/fuzzing/bin/wireshark-1.8.4/lib/libwireshark.so.2.0.4
Description: Access violation
Short description: AccessViolation (20/21)
Hash: 443627f0ec9f8fbe3076e95544580739.21407070f41946e566bee9873babf224
Exploitability Classification: UNKNOWN
Explanation: The target crashed due to an access violation but there is not
enough additional information available to determine exploitability.
You are receiving this mail because:
You are watching all bug changes.
Follow-Ups:
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8197] PER dissector crash
  - From: bugzilla-daemon
Prev by Date: [Wireshark-bugs] [Bug 8196] New: GPRS Tunnel Protocoll GTP Version 1 does not decode End User Address IE for IPv4v6(8D) type
Next by Date: [Wireshark-bugs] [Bug 8198] New: RTPS dissector crash
Previous by thread: [Wireshark-bugs] [Bug 8196] GPRS Tunnel Protocoll GTP Version 1 does not decode End User Address IE for IPv4v6(8D) type
Next by thread: [Wireshark-bugs] [Bug 8197] PER dissector crash
Index(es):
- Date
- Thread