heap buffer overflow in tcptrace
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tcptrace (Ubuntu) | New | Undecided | JinHuang |
Bug Description
Our team found a heap buffer overflow bug in tcptrace while fuzzing it with a malformed packet.
The problem package is https:/
Some other information about it:
xxx@ubuntu:~/work$ which tcptrace
/usr/bin/tcptrace
1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
2) The version of the package you are using, via 'apt-cache policy pkgname' or by checking in Software Center
tcptrace:
Installed: 6.6.7-5
Candidate: 6.6.7-5
Version table:
*** 6.6.7-5 0
100 /var/lib/
6.6.7-4.1 0
500 http://
3) What you expected to happen
tcptrace does not crash.
4) What happened instead
tcptrace crashed with "Segmentation fault".
The call stack with the crash input is:
#0 0x0000000000417d96 in MemCpy (vp1=0x88b270, vp2=0x7ff47814701e,
n=0xfffffff
#1 0x0000000000411b8f in callback (user=0x0, phdr=0x7ffea3d6
buf=
#2 0x00007ff47b52ab71 in ?? () from /usr/lib/
#3 0x00000000004122aa in pread_tcpdump (ptime=0x674670 <current_time>,
plen=
pphystype=
at tcpdump.c:247
#4 0x0000000000413b74 in ProcessFile (
filename=
#5 0x00000000004134b2 in main (argc=0x1, argv=0x7ffea3d6
at tcptrace.c:785
#6 0x00007ff47b169ec5 in __libc_start_main (main=0x4132ba <main>, argc=0x2,
argv=
rtld_
#7 0x0000000000402469 in _start ()
credit:
ADLab of Venustech
summary:
- tcptrace crashed with malformed packet
+ heap buffer overflow in tcptrace
Changed in tcptrace (Ubuntu):
assignee: nobody → JinHuang (101huang)