Project

General

Profile

Actions

Security #3168

closed

tls: out of bounds read

Added by Victor Julien over 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Label:
Git IDs:

b32b4642212dac764ca67a5fce8c97394e199631

Severity:
Disclosure Date:

Description

==7789==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6060000031d6 at pc 0x555555dec3b7 bp 0x7fffffff8530 sp 0x7fffffff8528
READ of size 1 at 0x6060000031d6 thread T0
    #0 0x555555dec3b6 in TLSDecodeHSHelloExtensionSupportedVersions /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:962:42
    #1 0x555555de8b1b in TLSDecodeHSHelloExtensions /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:1224:23
    #2 0x555555de33d3 in TLSDecodeHandshakeHello /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:1353:11
    #3 0x555555ddd4eb in SSLv3ParseHandshakeType /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c
    #4 0x555555dd903c in SSLv3ParseHandshakeProtocol /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:1620:14
    #5 0x555555dcb3b2 in SSLv3Decode /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:2293:22
    #6 0x555555dc3402 in SSLDecode /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:2471:30
    #7 0x555555d741f6 in AppLayerParserParse /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-parser.c:1188:13
    #8 0x555555d40898 in LLVMFuzzerTestOneInput /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/fuzz_app_ssl.c:103:3
    #9 0x555556ce3832 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x178f832)
    #10 0x555556cd3da4 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x177fda4)
    #11 0x555556cdcace in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x1788ace)
    #12 0x555555c23d23 in main (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x6cfd23)
    #13 0x7ffff6cb1ee2 in __libc_start_main (/usr/lib/libc.so.6+0x26ee2)
    #14 0x555555c23edd in _start (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x6cfedd)

Related issues 1 (0 open1 closed)

Copied to Suricata - Security #3169: tls: out of bounds read (5.x)ClosedVictor JulienActions
Actions

Also available in: Atom PDF