Open cla7aye15I4nd opened 3 weeks ago
Hi thanks for reporting the issue. I think you are using a different source code version as https://github.com/ntop/ntopng/blob/6.2-stable/src/Flow.cpp#L6516 it is unlikely to have the issue you reported.
Can you please attach to this ticket the artefact that has been used to cause the crash ?
I've attached the PoC in the "Steps to Reproduce" section (item 2), which is a .jpg file (for bypassing the file type limitation of github). I'm currently using the dev branch, and the relevant commit is 3da6cfca6a60733baacf392acf4cd4a6eda83e23. I suspect the version issue you're referring to may stem from an error in the asan symbolizer.
Hi @cla7aye15I4nd could you please share how you started ntopng? (the exact command line)
Build the OSS docker and enter
python3 oss-fuzz/infra/helper.py build_image --architecture x86_64 ntopng
docker run --rm -it gcr.io/oss-fuzz/ntopng /bin/bash
Compile and reproduce in the container
root@25a6e5d1095d:/src/ntopng# FUZZING_LANGUAGE=c compile
root@25a6e5d1095d:/out# ./fuzz_dissect_packet <your poc path>
Description:
A heap-buffer-overflow vulnerability has been identified in ntopng version 6.2, specifically in the
Flow::dissectMDNS
function located inFlow.cpp
at line 6516. This issue can cause the application to crash, leading to a potential denial-of-service condition.Affected Version:
Steps to Reproduce:
Build ntopng using the OSS-Fuzz configuration.
Run the
fuzz_dissect_packet
binary with a crafted input that triggers the vulnerability.Observe the heap-buffer-overflow error reported by AddressSanitizer.
Crash Output: