Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagParseAndStoreData at 0x5cc8.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48336[+] Title              : Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N), 6.0.0 (MRA58K), 6.0.0 (MRA58N), 6.0.0 (MRA58R), 6.0.0 (MRA58X), 7.0.0 (NBD90Z), 7.0.0 (NBD91P), 7.0.0 (NBD91U), 7.0.0 (NBD91X), 7.0.0 (NBD91Y), 7.0.0 (NBD91Z), 7.0.0 (NBD92F), 7.0.0 (NBD92G), 7.1.1 (N6F26Q), 7.1.1 (N6F26R), 7.1.1 (N6F26U), 7.1.1 (N6F27C), 7.1.1 (N6F27E).3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s PRDiagProvisionDataHandler() command.For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48336_Buffer_Overflow_in_Widevine_PRDiagParseAndStoreData_0x5cc8/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x / 6.x / 7.x PRDiagParseAndStoreData Buffer Overflow

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagVerifyProvisioning at 0x5f90.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48335[+] Title              : Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N), 6.0.0 (MRA58K), 6.0.0 (MRA58N), 6.0.0 (MRA58R), 6.0.0 (MRA58X), 7.0.0 (NBD90Z), 7.0.0 (NBD91P), 7.0.0 (NBD91U), 7.0.0 (NBD91X), 7.0.0 (NBD91Y), 7.0.0 (NBD91Z), 7.0.0 (NBD92F), 7.0.0 (NBD92G), 7.1.1 (N6F26Q), 7.1.1 (N6F26R), 7.1.1 (N6F26U), 7.1.1 (N6F27C), 7.1.1 (N6F27E).3. DETAILS----------To the best of our knowledge, the vulnerability described in this post has been incorrectly associated with CVE-2015-6639. After consulting with MITRE, it has been confirmed that this vulnerability had no assigned identifier. Consequently, CVE-2022-48335 has been assigned to this vulnerability. On the other hand, it has been confirmed that CVE-2015-6639 does exist and corresponds with a different vulnerability reported by Google. We have notified all the concerned parties about this misunderstanding so that the confusion can be amended.Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s PRDiagVerifyProvisioning() command. This command closely resembles PRDiagClearProvisioning(), which has been featured in other blog entries (refer to CVE-2015-6647).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48335_Buffer_Overflow_in_Widevine_PRDiagVerifyProvisioning_0x5f90/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x7370.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48334[+] Title              : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_verify_keys() command. This command closely resembles drm_save_keys(), which has been featured in other blog entries (refer to CVE-2022-48331 and CVE-2022-48332).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48334_Buffer_Overflow_in_Widevine_drm_verify_keys_0x7370/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x drm_verify_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x730c.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48333[+] Title              : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_verify_keys() command. This command closely resembles drm_save_keys(), which has been featured in other blog entries (refer to CVE-2022-48331 and CVE-2022-48332).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48333_Buffer_Overflow_in_Widevine_drm_verify_keys_0x730c/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x6a18.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48332[+] Title              : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_save_keys() command. This command closely resembles drm_verify_keys(), which has been featured in other blog entries (refer to CVE-2022-48333 and CVE-2022-48334).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48332_Buffer_Overflow_in_Widevine_drm_save_keys_0x6a18/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x drm_save_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a drm_save_keys related buffer overflow.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48331[+] Title              : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M) 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service. The bug is present in Widevine’s drm_save_keys() command. This command closely resembles drm_verify_keys(), which has been featured in other blog entries (refer to CVE-2022-48333 and CVE-2022-48334).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48331_Buffer_Overflow_in_Widevine_drm_save_keys_0x69b0/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x69b0.

==========================================================================  
Ubuntu Security Notice USN-6118-1  
May 30, 2023

linux-oracle, linux-oracle-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-oracle: Linux kernel for Oracle Cloud systems  
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems

Details:

Zheng Wang discovered that the Intel i915 graphics driver in the Linux  
kernel did not properly handle certain error conditions, leading to a  
double-free. A local attacker could possibly use this to cause a denial of  
service (system crash). (CVE-2022-3707)

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did  
not properly implement speculative execution barriers in usercopy functions  
in certain situations. A local attacker could use this to expose sensitive  
information (kernel memory). (CVE-2023-0459)

It was discovered that the TLS subsystem in the Linux kernel contained a  
type confusion vulnerability in some situations. A local attacker could use  
this to cause a denial of service (system crash) or possibly expose  
sensitive information. (CVE-2023-1075)

It was discovered that the Reliable Datagram Sockets (RDS) protocol  
implementation in the Linux kernel contained a type confusion vulnerability  
in some situations. An attacker could use this to cause a denial of service  
(system crash). (CVE-2023-1078)

Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel  
did not properly initialize some data structures. A local attacker could  
use this to expose sensitive information (kernel memory). (CVE-2023-1513)

It was discovered that a use-after-free vulnerability existed in the iSCSI  
TCP implementation in the Linux kernel. A local attacker could possibly use  
this to cause a denial of service (system crash). (CVE-2023-2162)

It was discovered that the NET/ROM protocol implementation in the Linux  
kernel contained a race condition in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-32269)

Duoming Zhou discovered that a race condition existed in the infrared  
receiver/transceiver driver in the Linux kernel, leading to a use-after-  
free vulnerability. A privileged attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-1118)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1101-oracle   5.4.0-1101.110  
   linux-image-oracle-lts-20.04    5.4.0.1101.94

Ubuntu 18.04 LTS:  
   linux-image-5.4.0-1101-oracle   5.4.0-1101.110~18.04.1  
   linux-image-oracle              5.4.0.1101.110~18.04.73

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6118-1  
   CVE-2022-3707, CVE-2023-0459, CVE-2023-1075, CVE-2023-1078,  
   CVE-2023-1118, CVE-2023-1513, CVE-2023-2162, CVE-2023-32269

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1101.110  
   https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1101.110~18.04.1

Ubuntu Security Notice USN-6118-1

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.

**List for announcements regarding Qt releases and development** announce at qt-project.org  
_Mon May 22 12:00:36 CEST 2023_

*   Previous message (by thread): \[Announce\] Security advisory: Qt SVG
*   Next message (by thread): \[Announce\] Qt Design Studio 4.1.0 released
*   **Messages sorted by:** \[ date \] \[ thread \] \[ subject \] \[ author \]

A recent buffer overflow issue in Qt SVG has been reported and has been assigned the CVE id CVE-2023-32763.

This effects all Qt versions up to and including Qt 5.15.14, Qt 6.0.0->6.2.8 and Qt 6.3.0->6.5.0

When a SVG file with an image inside it is rendered, a QTextLayout overflow can be triggered.

Solution: Apply the following patch or update to Qt 5.15.15, Qt 6.2.9 or Qt 6.5.1

Patches:

dev: https://codereview.qt-project.org/c/qt/qtbase/+/476125
Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/476490 or https://download.qt.io/official\_releases/qt/6.5/CVE-2023-32763-qtbase-6.5.diff
Qt 6.2: https://download.qt.io/official\_releases/qt/6.2/CVE-2023-32763-qtbase-6.2.diff
Qt 5.15: https://download.qt.io/official\_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff

Kind regards,
Andy
--
Andy Shaw
Director, Technical Customer Success 
The Qt Company

*   Previous message (by thread): \[Announce\] Security advisory: Qt SVG
*   Next message (by thread): \[Announce\] Qt Design Studio 4.1.0 released
*   **Messages sorted by:** \[ date \] \[ thread \] \[ subject \] \[ author \]

More information about the Announce mailing list

CVE-2023-32763: [Announce] Security advisory: Qt SVG

A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Tenda AC6 Unauthorized stack overflow vulnerability

1.Affected version

US\_AC6V1.0BR\_V15.03.05.19

2.Firmware download address

资料下载\_腾达(Tenda)官方网站

3.Vulnerability details

The function "fromDhcpListClient" is vulnerable to a stack-based buffer overflow. When this function reads in a parameter supplied by the user, it passes the variable to the function without performing any length check, which means that the stack-based buffer could be overflowed. This vulnerability could allow an attacker to easily execute a denial-of-service attack or remote code execution with carefully crafted overflow data by accessing the page. To secure the system, input parameters should be strictly checked and filtered for length to prevent such vulnerabilities from occurring.

4.Recurring vulnerabilities and POC

Due to legal and policy restrictions, we cannot provide the attack exploit code for this vulnerability at the moment.

5.Author

田文奇

CVE-2023-2923: vul/1.md at main · GleamingEyes/vul

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

Skip to content

Open Issue created May 18, 2023 by **Huascar Tejeda@htejeda**

**Heap Buffer Overflow blf\_read\_apptextmessage Function**

**Description**

A heap buffer overflow vulnerability has been discovered in Wireshark's g_strndup function, which could potentially lead to remote code execution.

Tested on: Ubuntu 22.04.2 LTS

**Details**

The vulnerability lies within the blf_read_apptextmessage function (found in the blf.c file), which is used by the Wireshark BLF (Binary Logging Format) plugin. The Address Sanitizer (ASAN) and GDB backtrace revealed a heap-buffer-overflow when the g_strsplit_set function is called. This function splits the string on the specified delimiters and creates an array of tokens.

In the provided backtrace, g_strsplit_set is called with text and ";" as the input parameters. If this string is carefully crafted, it could lead to arbitrary code execution when the process attempts to read or write to a memory area it doesn't own, which is typical behavior for a heap-buffer-overflow vulnerability.

**Steps to reproduce:**

Open the trigger file using a Wireshark binary compiled with the **\-DENABLE\_ASAN** option:

    $ tshark -r trigger
    =================================================================
    ==147490==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000311440 at pc 0x7ffff745be47 bp 0x7fffffffc730 sp 0x7fffffffbed8
    READ of size 17 at 0x602000311440 thread T0
        #0 0x7ffff745be46 in __interceptor_strncpy ../../../../src/libsanitizer/asan/asan_interceptors.cpp:484
        #1 0x7fffdfd3982b in g_strndup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7382b)
        #2 0x7fffdfd3daba in g_strsplit_set (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x77aba)
        #3 0x7fffdfa5933f in blf_read_apptextmessage /home/htejeda/fuzzing/wireshark/wireshark-4.0.5/wiretap/blf.c:1646
        #4 0x7fffdfa5933f in blf_read_block /home/htejeda/fuzzing/wireshark/wireshark-4.0.5/wiretap/blf.c:1820
        #5 0x7fffdfa5a79f in blf_read /home/htejeda/fuzzing/wireshark/wireshark-4.0.5/wiretap/blf.c:1846
        #6 0x7fffdfb34583 in wtap_read /home/htejeda/fuzzing/wireshark/wireshark-4.0.5/wiretap/wtap.c:1555
        #7 0x55555558eb8f in process_cap_file_single_pass /home/htejeda/fuzzing/wireshark/wireshark-4.0.5/tshark.c:3534
        #8 0x55555558eb8f in process_cap_file /home/htejeda/fuzzing/wireshark/wireshark-4.0.5/tshark.c:3746
        #9 0x55555558eb8f in main /home/htejeda/fuzzing/wireshark/wireshark-4.0.5/tshark.c:2260
        #10 0x7fffdf629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
        #11 0x7fffdf629e3f in __libc_start_main_impl ../csu/libc-start.c:392
        #12 0x555555591754 in _start (/home/htejeda/fuzzing/wireshark/wireshark-4.0.5/build-asan/run/tshark+0x3d754)
    
    0x602000311440 is located 0 bytes to the right of 16-byte region [0x602000311430,0x602000311440)
    allocated by thread T0 here:
        #0 0x7ffff74b4a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
        #1 0x7fffdfa592c2 in blf_read_apptextmessage /home/htejeda/fuzzing/wireshark/wireshark-4.0.5/wiretap/blf.c:1637
        #2 0x7fffdfa592c2 in blf_read_block /home/htejeda/fuzzing/wireshark/wireshark-4.0.5/wiretap/blf.c:1820
        #3 0x7fffffffdd2f  ([stack]+0x1fd2f)
    ...
    ...

I'd also like to request a CVE ID for this vulnerability.

Please let me know if you need any additional information.

Regards,  
Huáscar

trigger ASAN.txt GDB\_Backtrace.txt

Tag

#buffer_overflow