Re: CVE request for new wireshark vulnerabilities

["Steven M. Christey" <coley () linus mitre org>]

On Thu, 10 Jun 2010, Vincent Danen wrote:

> >  The SMB dissector could dereference a NULL pointer.
> >  Fixed in trunk: r32650
> >  Fixed in trunk-1.2: r33142
> >  Fixed in trunk-1.0: r33145
> >  Bug 4734
> >  Versions affected: 0.99.6 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2283

> >  J. Oquendo discovered that the ASN.1 BER dissector could overrun
> >  the stack.
> >  Fixed in trunk: r32922, r33046
> >  Fixed in trunk-1.2: r33122
> >  Fixed in trunk-1.0: r33146
> >  Versions affected: 0.10.13 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2284

> >  The SMB PIPE dissector could dereference a NULL pointer on some
> >  platforms.
> >  Fixed in trunk: r32848
> >  Fixed in trunk-1.2: r33120
> >  Fixed in trunk-1.0: r33143
> >  Versions affected: 0.8.20 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2285

> >  The SigComp Universal Decompressor Virtual Machine could go into
> >  an infinite loop.
> >  Fixed in trunk: r33061, r33065
> >  Fixed in trunk-1.2: r33131
> >  Fixed in trunk-1.0: r33147
> >  Bug 4826
> >  Versions affected: 0.10.7 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2286

> >  The SigComp Universal Decompressor Virtual Machine could overrun
> >  a buffer.
> >  Fixed in trunk: r33087, r33090
> >  Fixed in trunk-1.2: r33134
> >  Fixed in trunk-1.0: r33149
> >  Bug 4837
> >  Versions affected: 0.10.8 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2287


- Steve