oss-sec mailing list archives

CVE assignments for Wireshark

From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Wed, 12 Jan 2011 17:51:08 -0500 (EST)


CVE-2011-0444 - MAC-LTE

CVE-2011-0445 - ASN.1 BER



======================================================
Name: CVE-2011-0444
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0444
Reference: MISC:https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2011-01.html
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2011-02.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530
Reference: VUPEN:ADV-2011-0079
Reference: URL:http://www.vupen.com/english/advisories/2011/0079

Buffer overflow in the MAC-LTE dissector
(epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13
and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a large number
of RARs.


======================================================
Name: CVE-2011-0445
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0445
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2011-02.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5537
Reference: VUPEN:ADV-2011-0079
Reference: URL:http://www.vupen.com/english/advisories/2011/0079

The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote
attackers to cause a denial of service (assertion failure) via crafted
packets, as demonstrated by fuzz-2010-12-30-28473.pcap.

Current thread:

CVE assignments for Wireshark Steven M. Christey (Jan 12)
- Re: CVE assignments for Wireshark Huzaifa Sidhpurwala (Jan 19)
  - Re: CVE assignments for Wireshark Josh Bressers (Jan 31)
    - Re: CVE assignments for Wireshark Josh Bressers (Feb 09)