
Comments (9)

msxfXF avatar msxfXF commented on May 24, 2024

image

from tcpdump.

guyharris avatar guyharris commented on May 24, 2024

Stack trace after killing tcpdump with SIGABRT:

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	    0x7ff80c3da036 sigprocmask + 10
1   libsystem_platform.dylib      	    0x7ff80c441e83 longjmp + 23
2   tcpdump                       	       0x100b750dd hex_print_with_offset + 365
3   tcpdump                       	       0x100b68468 pretty_print_packet + 760
4   tcpdump                       	       0x100b64141 print_packet + 49 (tcpdump.c:3252)
5   tcpdump                       	       0x100c3794e pcapint_offline_read + 110 (savefile.c:684)
6   tcpdump                       	       0x100c178a9 pcap_loop + 57 (pcap.c:2967)
7   tcpdump                       	       0x100b624df main + 6143 (tcpdump.c:2685)
8   dyld                          	    0x7ff80c0bc41f start + 1903


gvanem avatar gvanem commented on May 24, 2024

I do see the same on Windows (with MSVC) on some runs. But mostly:

tcpdump.exe -x -vvv -n -r ./tcpdump_poc
reading from file ./tcpdump_poc, link-type PPP_SERIAL (PPP over serial), snapshot length 58
[Error converting time] unknown PPP protocol (0x7e80): IPCP, Conf-Request (0x01), id 0, length 48
        encoded length 45 (=Option(s) length 41)
        0x0000:  8021 0100 002d
          unknown Option (0x66), length 4
            0x0000:  006c
          unknown Option (0x72), length 8
            0x0000:  0055 000d 0d0d
          unknown Option (0x0d), length 13
            0x0000:  0d0d 0d0d 0d0d 0d0d 0d0d 0d
          unknown Option (0x0d), length 13
            0x0000:  0d0d 0d0d 0d1c 0d0d d4c3 b2
          unknown Option (0xa1), length 2
          IP-Comp Option (0x02), length 32 [|ppp_hdlc]
        0x0000:  ff60 7e80 2101 0000 2d66 0400 6c72 0800
        0x0010:  5500 0d0d 0d0d 0d0d 0d0d 0d0d 0d0d 0d0d
        0x0020:  0d0d 0d0d 0d0d 0d0d 0d1c 0d0d d4c3 b2a1
        0x0030:  0202 20
tcpdump.exe: pcap_loop: invalid packet capture length 16843009, bigger than snaplen of 58

And with tcpdump.exe -x -vvv -n -r ./tcpdump_poc -v, I never see this Infinite Loop issue.


infrastation avatar infrastation commented on May 24, 2024

@msxfXF, thank you for the report and let me confirm a few things to make sure everyone is on the same page. Try to read with attention if you can.

When you were opening this bug report, you saw a message that includes the following, correct? (yes/no)

To report a security issue please send an e-mail to [email protected].

Then you did not actually send the actual e-mail as instructed, correct? (yes/no)

Then you deleted the text that tells you to send the e-mail, correct? (yes/no)

Then you posted the security issue details in a public bug report, correct? (yes/no)


msxfXF avatar msxfXF commented on May 24, 2024

Hello @infrastation,

Firstly, I want to sincerely apologize for not following the proper procedure when submitting the security issue. In my eagerness to report the finding, I overlooked the instructions to contact you via the designated email address. Here are the answers to your questions:

  1. Yes, I saw the message that I should report security issues via email to [email protected].
  2. Yes, I did not send an actual email as instructed.
  3. No, I did not intentionally delete the text that tells me to send the email. It was a misunderstanding on my part.
  4. Yes, I posted the security issue details into a public bug report.

I understand the importance of responsible disclosure for security issues, and I regret the inadvertent publication of this matter. I am prepared to cooperate fully and assist in resolving the issue in a more appropriate manner. I will immediately follow up with an email to [email protected] containing the details of the security matter.

Thank you for bringing this to my attention, and I appreciate your understanding.

Best regards,
msxfXF


guyharris avatar guyharris commented on May 24, 2024

Fixed.


firexinghe avatar firexinghe commented on May 24, 2024

@guyharris Does CVE-2024-2397 affect the 4.9.x branch?


firexinghe avatar firexinghe commented on May 24, 2024

@infrastation @gvanem @guyharris @msxfXF Through the stack and commit description, it is found that the infinite loop is invoked as follows, and version 4.9 does not introduce longjmp/setjmp, which means that CVE-2024-2397 is not involved.
Am I right? Looking forward to hearing from you.

pretty_print_packet -> hex_print_with_offset -> longjmp -> setjmp -> pretty_print_packet

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	    0x7ff80c3da036 sigprocmask + 10
1   libsystem_platform.dylib      	    0x7ff80c441e83 longjmp + 23
2   tcpdump                       	       0x100b750dd hex_print_with_offset + 365
3   tcpdump                       	       0x100b68468 pretty_print_packet + 760
4   tcpdump                       	       0x100b64141 print_packet + 49 (tcpdump.c:3252)
5   tcpdump                       	       0x100c3794e pcapint_offline_read + 110 (savefile.c:684)
6   tcpdump                       	       0x100c178a9 pcap_loop + 57 (pcap.c:2967)
7   tcpdump                       	       0x100b624df main + 6143 (tcpdump.c:2685)
8   dyld                          	    0x7ff80c0bc41f start + 1903

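A constructed C model of the re-entry loop traced in the comment above (an added example, not tcpdump's own code): a setjmp-based truncation handler that re-dumps the packet through the same longjmp-ing bounds check, beside a dump bounded to the captured length that cannot re-trigger it. The `ndo_t`, `nd_tcheck`, `print_packet` and `run_demo` names are simplified stand-ins, and the 8-byte packet whose header claims 48 bytes is constructed input.

```c
#include <setjmp.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed model of tcpdump's truncation handling; not tcpdump's own code. */
typedef struct {
    const uint8_t *pkt;
    size_t caplen, claimed; /* bytes really captured vs. length a malformed header claims */
    jmp_buf trunc_jmp;      /* set in print_packet, taken by any bounds failure */
    int hexdump_calls;
} ndo_t;
/* Bounds check in the style of tcpdump's ND_TCHECK: longjmp out on truncation. */
static void nd_tcheck(ndo_t *ndo, size_t off, size_t len) {
    if (len > ndo->caplen || off > ndo->caplen - len)
        longjmp(ndo->trunc_jmp, 1);
}
/* Buggy dump: walks the claimed length through the bounds check, so it longjmps back into its own caller. */
static void hex_dump_buggy(ndo_t *ndo) {
    ndo->hexdump_calls++;
    for (size_t i = 0; i < ndo->claimed; i++) {
        nd_tcheck(ndo, i, 1);
        printf("%02x ", ndo->pkt[i]);
    }
}
/* Fixed dump: reads only the captured bytes and therefore never longjmps. */
static void hex_dump_fixed(ndo_t *ndo) {
    ndo->hexdump_calls++;
    for (size_t i = 0; i < ndo->caplen; i++)
        printf("%02x ", ndo->pkt[i]);
}
/* Returns how often the dump ran: 1 is correct; more means the handler re-entered (max_spins caps the demo). */
static int print_packet(ndo_t *ndo, void (*hexdump)(ndo_t *), int max_spins) {
    ndo->hexdump_calls = 0;
    if (setjmp(ndo->trunc_jmp) != 0) {      /* truncation handler */
        printf("[|truncated]\n");
        if (ndo->hexdump_calls < max_spins)
            hexdump(ndo);                   /* dump the packet, as tcpdump does */
        return ndo->hexdump_calls;
    }
    nd_tcheck(ndo, 0, ndo->claimed);        /* the dissector trusts the claimed length */
    return ndo->hexdump_calls;
}
static int run_demo(void (*hexdump)(ndo_t *)) {
    static const uint8_t pkt[8] = {0x80, 0x21, 0x01, 0x00, 0x00, 0x2d, 0x66, 0x04}; /* constructed */
    ndo_t ndo = { pkt, sizeof pkt, 48 };   /* 8 bytes captured, header claims 48 */
    return print_packet(&ndo, hexdump, 5);
}
int main(void) {
    printf("\nbuggy: %d dumps, fixed: %d dumps\n", run_demo(hex_dump_buggy), run_demo(hex_dump_fixed));
    return 0;
}
```

Without the `max_spins` cap the buggy path would spin forever exactly as the trace shows, each pass longjmping from the dump back to the setjmp that called it.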

infrastation avatar infrastation commented on May 24, 2024

All information regarding this case has been published as CVE-2024-2397. This case does not affect any tcpdump release and is now fully resolved. Please report all vulnerabilities to [email protected] instead of publishing, otherwise no credit will be given to the reporter.

