Was just about to report this myself :)

The crash occurs when a destination unreachable ICMP message is received.

nmap -V Nmap version 6.49BETA1 ( http://nmap.org ) Platform: x86_64-unknown-linux-gnu Compiled with: nmap-liblua-5.2.3 openssl-1.0.1f libpcre-8.31 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6 Compiled without: Available nsock engines: epoll poll select

OS: Ubuntu 14.04 (tested on Desktop and Server)

When nmap undergoes host discovery, if a host responds with an ICMP Destination Unreachable, Nmap aborts with the following error:

nmap: scan_engine_raw.cc:206: u16 UltraProbe::icmpid() const: Assertion 'mypspec.proto == IPPROTO_ICMP || mypspec.proto == IPPROTO_ICMPV6' failed. Aborted (core dumped)

This issue has been reproduced with ICMP Destination Unreachable types 13 (Communication Administratively Prohibited) and type 0 (Net Unreachable) messages. Other Destination Unreachable messages may also be affected.

Replied on nmap-dev mailing list: http://seclists.org/nmap-dev/2015/q2/220

Thanks so much for this critical bug report! We recently added a new check
for ICMP messages which calls the icmpid() function, but we didn't add a
corresponding check to be sure that function was safe to call. Would you be
able to apply the attached patch and let us know if it solves the issue?

Attached patch

Works for me. No more errors. Thanks

The version I pulled from the github repo says "Nmap 6.47SVN". Is that OK?
I applied the patch to the tarball published on the website as Nmap-6.49BETA1 and the cloned github repo and compiled both. (just to be sure)

A fix for this issue has been released in Nmap 6.49BETA2