Describe:
A Null Pointer Dereference was discovered in DumpTS v0.1.0-nightly. The issue is triggered in function VerifyCommandLine () at src/DumpTS.cpp:388. Attackers may exploit this vulnerability to cause a DoS (denial of service) attack.
Reproduce:
Tested in Ubuntu 22.04
Compile the program with AddressSanitizer as follows:
First add the command to the makefile as follows:
Then the PoC is passed as the input to DumpTS; here is the command:
gdb --args ./DumpTS /home/DumpTS/fuzz_out3/default/crashes/id\:000000\,sig\:06\,src\:000011\,time\:52513\,execs\:23035\,op\:havoc\,rep\:16 --output=test1.mp4 --pid=0x1011 --showpts --destpid=0x1011
(gdb) break main
(gdb) run
(gdb) continue
(gdb) backtrace
GDB Reports:
(gdb) break main
Breakpoint 1 at 0x38e399: file ../../src/DumpTS.cpp, line 1126.
(gdb) run
Starting program: /home/DumpTS/bin/linux/DumpTS /home/DumpTS/fuzz_out3/default/crashes/id:000000,sig:06,src:000011,time:52513,execs:23035,op:havoc,rep:16 --output=test1.mp4 --pid=0x1011 --showpts --destpid=0x1011
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Breakpoint 1, main (argc=6, argv=0x7ffd185a24c8) at ../../src/DumpTS.cpp:1126
1126 int nDumpRet = 0;
(gdb) continue
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x00007f85f9b7781e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) backtrace
#0 0x00007f85f9b7781e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007f85f9e47bce in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(char const*) const ()
from /lib/x86_64-linux-gnu/libstdc++.so.6
#2 0x000055c2e077c235 in VerifyCommandLine () at ../../src/DumpTS.cpp:388
#3 0x000055c2e0781433 in main (argc=6, argv=0x7ffd185a24c8) at ../../src/DumpTS.cpp:1157
And this is the code at the bug address:
PoC
PoC file is here
Fuzzer
Fuzzer is AFL.
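The backtrace above ends in std::string::compare(char const*) called from VerifyCommandLine(), and the source at DumpTS.cpp:388 is not shown on this page. The following is an added illustration, not DumpTS code, of how that class of crash arises and how to guard against it: std::string::compare(const char*) measures its argument with char_traits<char>::length (strlen), so handing it a null const char* dereferences null inside libstdc++/libc, which is consistent with frames #0 and #1 of the report. The option parser, the option names, and the assumption that a bare flag (such as --showpts) or an absent option yields a null value pointer are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Hypothetical option store (not DumpTS's parser): "--key=value" maps
// key -> pointer to value; a bare "--flag" maps flag -> nullptr.
using OptionMap = std::map<std::string, const char*>;

OptionMap parse_options(const std::vector<const char*>& argv) {
    OptionMap opts;
    for (const char* arg : argv) {
        std::string s(arg);
        if (s.rfind("--", 0) != 0) continue;   // not an option: program name or input file
        std::size_t eq = s.find('=');
        if (eq == std::string::npos) {
            opts[s.substr(2)] = nullptr;              // bare flag carries no value
        } else {
            opts[s.substr(2, eq - 2)] = arg + eq + 1; // value lives in argv storage
        }
    }
    return opts;
}

// Returns nullptr both for an option that was never given and for a bare flag.
const char* option_value(const OptionMap& opts, const std::string& key) {
    auto it = opts.find(key);
    return it == opts.end() ? nullptr : it->second;
}

// Unsafe: std::string::compare(const char*) computes the argument's length
// with char_traits<char>::length (strlen), so a null pointer is dereferenced
// inside the C++/C runtime, as in frames #0/#1 of the reported backtrace.
bool pids_match_unsafe(const OptionMap& opts) {
    const char* pid  = option_value(opts, "pid");
    const char* dest = option_value(opts, "destpid");
    std::string pid_str(pid ? pid : "");
    return pid_str.compare(dest) == 0;   // dest == nullptr -> SIGSEGV
}

// Hardened: a missing or valueless option fails verification instead of
// ever reaching the std::string call with a null pointer.
bool pids_match_safe(const OptionMap& opts) {
    const char* pid  = option_value(opts, "pid");
    const char* dest = option_value(opts, "destpid");
    if (pid == nullptr || dest == nullptr) {
        return false;
    }
    return std::string(pid).compare(dest) == 0;
}

int main() {
    // Constructed argv with the same shape as the reporter's command line.
    std::vector<const char*> ok  = {"DumpTS", "crash.bin", "--output=test1.mp4",
                                    "--pid=0x1011", "--showpts", "--destpid=0x1011"};
    // Same shape, but --destpid given without a value.
    std::vector<const char*> bad = {"DumpTS", "crash.bin", "--pid=0x1011", "--destpid"};

    std::printf("safe, complete options:   %s\n", pids_match_safe(parse_options(ok)) ? "match" : "no match");
    std::printf("safe, bare --destpid:     %s\n", pids_match_safe(parse_options(bad)) ? "match" : "no match");
    // pids_match_unsafe(parse_options(bad)) would crash with SIGSEGV; only the
    // well-formed case is exercised here.
    std::printf("unsafe, complete options: %s\n", pids_match_unsafe(parse_options(ok)) ? "match" : "no match");
    return 0;
}
```

Built with `g++ -std=c++17 -g -fsanitize=address`, calling pids_match_unsafe on the `bad` vector aborts with an ASan SEGV report on a null address instead of a bare segmentation fault, which is the kind of output the sanitizer build described in the report is meant to produce; the hardened variant simply rejects the command line.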