You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was recently using fuzz to conduct security testing on hashset, and found a stack overflow error in cap2hccapx.bin. The specific information is as follows:
./cap2hccapx.bin poc /dev/null
=================================================================
==32351==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffe18f at pc 0x0000004d1324 bp 0x7ffffffedab0 sp 0x7ffffffedaa8
READ of size 2 at 0x7fffffffe18f thread T0
#0 0x4d1323 in process_packet /work/autofz/github/hashcat-utils/src/cap2hccapx.c:741:50
#1 0x4d1323 in main /work/autofz/github/hashcat-utils/src/cap2hccapx.c:1118:5
#2 0x7ffff6ee583f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
#3 0x41c068 in _start (/work/autofz/github/hashcat-utils/src/cap2hccapx.bin+0x41c068)
Address 0x7fffffffe18f is located in stack of thread T0 at offset 66511 in frame
#0 0x4c874f in main /work/autofz/github/hashcat-utils/src/cap2hccapx.c:875
This frame has 10 object(s):
[32, 64) 'zero.i.i' (line 593)
[96, 195) 'auth_packet_orig.i.i' (line 612)
[240, 290) 'essid.i' (line 747)
[336, 675) 'excpkt.i' (line 855)
[752, 758) 'bssid.i' (line 675)
[784, 834) 'essid' (line 902)
[880, 904) 'pcap_file_header' (line 924)
[944, 960) 'header' (line 987)
[976, 66511) 'packet' (line 1017) <== Memory access at offset 66511 overflows this variable
[66768, 67161) 'hccapx' (line 1288)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /work/autofz/github/hashcat-utils/src/cap2hccapx.c:741:50 in process_packet
Shadow bytes around the buggy address:
0x10007fff7be0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10007fff7c30: 00[07]f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
0x10007fff7c40: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
0x10007fff7c50: f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
0x10007fff7c60: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
0x10007fff7c70: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
0x10007fff7c80: f8 f8 f8 f8 f3 f3 f3 f3 f3 f3 f3 f3 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==32351==ABORTING
I was recently using fuzz to conduct security testing on hashset, and found a stack overflow error in cap2hccapx.bin. The specific information is as follows:
The poc that triggers the error is as follows:https://github.com/Sunzyuu/seed/blob/main/hashset_cap2hccapx_poc
I hope my report will be of some help to hashset, thank you!
The text was updated successfully, but these errors were encountered: