ZerBea hcxpcapngtool Buffer Overflow Vulnerability in getradiotapfield Function
Vulnerability
A buffer overflow vulnerability has been identified in ZerBea hcxpcapngtool version 7.0.1-43-g2ee308e. It allows a local attacker to access sensitive information by exploiting the getradiotapfield() function. The program fails to properly validate an internal index, which leads to out-of-bounds access and crashes the application, resulting in a denial-of-service condition.
Impact
Exploitation of this vulnerability causes the application to crash, creating a denial-of-service condition. However, there is potential for unauthorized data access, as indicated by the vulnerability description.
Reproduction
The vulnerability can be reproduced by running hcxpcapngtool on a crafted input file that triggers the buffer overflow, for example one of the 17 mal_input files that were reported to cause the program to crash. The issue can be verified with AddressSanitizer, which reports the buffer overflow error.
Remediation
Users can update to the latest version of hcxpcapngtool, as the buffer overflow vulnerability has been addressed. The patched version is 7.0.1-44-g7f27a95.
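The missing index validation described under Vulnerability is an instance of a general rule for radiotap parsing: every offset or table index derived from the capture file is checked against the declared header length before it is used. The C code below is an added example of that rule, not hcxpcapngtool's code or its fix; the function name rtap_field_offset, the field table (radiotap present bits 0 to 5 only) and the sample headers are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* {align, size} for present bits 0..5: TSFT, Flags, Rate, Channel, FHSS, dBm signal */
static const struct { uint8_t align, size; } rtap_fields[] = {{8, 8}, {1, 1}, {1, 1}, {2, 4}, {2, 2}, {1, 1}};
#define RTAP_KNOWN (sizeof rtap_fields / sizeof rtap_fields[0])

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Offset of field `want` (0..5) in the header, or -1 if absent or a check fails. */
long rtap_field_offset(const uint8_t *buf, size_t caplen, unsigned want) {
    if (buf == NULL || caplen < 8 || want >= RTAP_KNOWN)
        return -1;                          /* index must stay inside the table */
    size_t it_len = buf[2] | (size_t)buf[3] << 8;   /* untrusted, from the file */
    if (buf[0] != 0 || it_len < 8 || it_len > caplen)
        return -1;
    uint32_t present = le32(buf + 4);
    size_t off = 8;
    /* Skip chained present words (bit 31), checking room before each read. */
    for (uint32_t w = present; w & 0x80000000u; off += 4) {
        if (it_len - off < 4)
            return -1;
        w = le32(buf + off);
    }
    for (unsigned bit = 0; bit <= want; bit++) {
        if (!(present & (1u << bit)))
            continue;
        size_t a = rtap_fields[bit].align;
        off = (off + a - 1) & ~(a - 1);     /* align relative to header start */
        if (off > it_len || it_len - off < rtap_fields[bit].size)
            return -1;                      /* field would run past it_len */
        if (bit == want)
            return (long)off;
        off += rtap_fields[bit].size;
    }
    return -1;                              /* field not present */
}

/* Constructed samples: Flags, Rate, dBm signal; the second declares fields that do not fit its it_len. */
static const uint8_t ok_hdr[]  = {0, 0, 11, 0, 0x26, 0, 0, 0, 0x00, 0x02, 0xC4};
static const uint8_t bad_hdr[] = {0, 0,  9, 0, 0x26, 0, 0, 0, 0x00};

int main(void) {
    printf("ok=%ld short=%ld\n", rtap_field_offset(ok_hdr, sizeof ok_hdr, 5),
           rtap_field_offset(bad_hdr, sizeof bad_hdr, 5));
    return 0;
}
```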
