Wireshark-bugs: [Wireshark-bugs] [Bug 11036] New: Infinite loop DoS in LBMR dissector
Date: Sat, 07 Mar 2015 22:08:10 +0000
Bug ID 11036
Summary Infinite loop DoS in LBMR dissector
Product Wireshark
Version 1.12.3
Hardware x86
OS Mac OS X 10.9
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter vlad902+wireshark@gmail.com

Build Information:
Version 1.99.2 (v1.99.2-0-gb2db3bf from master)
--
Hello, I found an infinite loop condition using Fabian Yamaguchi's tool joern.
There is an infinite loop condition in dissect_lbmr_pser() in
epan/dissectors/packet-lbmr.c. It's possible for an attacker to set the the
variable 'option_len' to 0, causing the loop to never terminate. Unfortunately,
I couldn't find an LBMR sample to synthesize an example packet capture from.


You are receiving this mail because:
  • You are watching all bug changes.