oss-sec mailing list archives
CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 29 Aug 2012 11:39:11 -0400 (EDT)
Hello Kurt, Steve, Gerald, vendors, a denial of service flaw was found in the way Distributed Relational Database Architecture (DRDA) dissector of Wireshark, a network traffic analyzer, performed processing of certain DRDA packet capture files. A remote attacker could create a specially-crafted capture file that, when opened could lead to wireshark executable to consume excessive amount of CPU time and hang with an infinite loop. Issue found by: Martin Wilck Upstream bug report: [1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666 Reproducer: [2] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666#c0 References: [3] https://bugzilla.redhat.com/show_bug.cgi?id=849926 Affected versions: Seems to affect wireshark 1.6.x versions and later (1.0.x and 1.2.x definitely aren't affected) Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Jan Lieskovsky (Aug 29)
- Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Kurt Seifried (Aug 29)
- Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Eygene Ryabinkin (Aug 31)