oss-sec mailing list archives

CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 19 Jul 2011 14:41:12 +0200

Hello Josh, Steve, vendors,

  an infinite loop was found in the way ANSI A Interface (IS-634/IOS)
dissector of the Wireshark network traffic analyzer processed certain
ANSI A MAP capture files. If Wireshark read a malformed packet off a

network or opened a malicious packet capture file, it could lead todenial of service (Wireshark hang).


Upstream bug:
[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044

Public PoC:
[2]
http://www.wireshark.org/download/automated/captures/fuzz-2011-06-20-22762.pcap

Relevant upstream patch:
[3] http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930

References:
[4] http://www.wireshark.org/security/
[5] http://www.wireshark.org/security/wnpa-sec-2011-11.html
[6] http://www.wireshark.org/security/wnpa-sec-2011-10.html
[7] https://bugzilla.redhat.com/show_bug.cgi?id=723215

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Jan Lieskovsky (Jul 19)
- Re: CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Huzaifa Sidhpurwala (Jul 19)