Security #3169: tls: out of bounds read (5.x)
Status: closed
Git IDs: 922f4f7d78055ed96833b43cb0c086fe37e2b672
Severity:
Disclosure Date:
Description
==7789==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6060000031d6 at pc 0x555555dec3b7 bp 0x7fffffff8530 sp 0x7fffffff8528
READ of size 1 at 0x6060000031d6 thread T0
    #0 0x555555dec3b6 in TLSDecodeHSHelloExtensionSupportedVersions /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:962:42
    #1 0x555555de8b1b in TLSDecodeHSHelloExtensions /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:1224:23
    #2 0x555555de33d3 in TLSDecodeHandshakeHello /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:1353:11
    #3 0x555555ddd4eb in SSLv3ParseHandshakeType /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c
    #4 0x555555dd903c in SSLv3ParseHandshakeProtocol /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:1620:14
    #5 0x555555dcb3b2 in SSLv3Decode /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:2293:22
    #6 0x555555dc3402 in SSLDecode /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:2471:30
    #7 0x555555d741f6 in AppLayerParserParse /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-parser.c:1188:13
    #8 0x555555d40898 in LLVMFuzzerTestOneInput /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/fuzz_app_ssl.c:103:3
    #9 0x555556ce3832 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x178f832)
    #10 0x555556cd3da4 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x177fda4)
    #11 0x555556cdcace in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x1788ace)
    #12 0x555555c23d23 in main (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x6cfd23)
    #13 0x7ffff6cb1ee2 in __libc_start_main (/usr/lib/libc.so.6+0x26ee2)
    #14 0x555555c23edd in _start (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x6cfedd)