Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues

[Josh Bressers <bressers () redhat com>]

----- Original Message -----
> I didn't see any CVE's in the Wireshark Bug tracking/advisory nor could I
> find these in the Red Hat Bugzilla (but I'm guessing as a CNA they have
> CVE #'s assigned?)
>
> Wireshark 1.2.17 fixes the following vulnerabilities:
>
> Large/infinite loop in the DICOM dissector. (Bug 5876)
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1957

> Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> that a corrupted Diameter dictionary file could crash Wireshark.
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1958

> Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> that a corrupted snoop file could crash Wireshark. (Bug 5912)
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1959

> David Maciejak of Fortinet's FortiGuard Labs discovered that malformed
> compressed capture data could crash Wireshark. (Bug 5908)
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-2174

> Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> that a corrupted Visual Networks file could crash Wireshark. (Bug
> 5934)
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-2175

> http://www.wireshark.org/security/wnpa-sec-2011-07.html
> http://www.wireshark.org/security/wnpa-sec-2011-08.html

Thanks.

-- 
    JB