oss-sec mailing list archives
Re: CVE Request: wireshark: crash on a sample capture file genbroad.snoop
From: Stuart Henderson <stu () spacehopper org>
Date: Tue, 12 May 2015 11:13:55 +0100
On 2015/05/11 17:20, Mgr. Martin Žember wrote:
Hello, I would like to request a CVE for the following issue: wireshark crashes on a sample capture file genbroad.snoop References: https://bugzilla.redhat.com/show_bug.cgi?id=1219409
Given the nature of the task (decoding network traffic, which is quite often truncated or malicious, in C) and the wide protocol support, it's no big surprise that this type of bug shows up so frequently. I always thought it was a pity that Wireshark's privilege separation only concerns itself with handling captures as root while running the main body of the program as a normal userid (rather than specifically running the risky code, i.e. the dissectors, jailed as an unprivileged user).
Current thread:
- CVE Request: wireshark: crash on a sample capture file genbroad.snoop Mgr . Martin Žember (May 11)
- Re: CVE Request: wireshark: crash on a sample capture file genbroad.snoop Martin Prpic (May 12)
- Re: CVE Request: wireshark: crash on a sample capture file genbroad.snoop Stuart Henderson (May 12)