oss-sec mailing list archives
Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues
From: Josh Bressers <bressers () redhat com>
Date: Wed, 1 Jun 2011 16:23:23 -0400 (EDT)
----- Original Message -----
I didn't see any CVE's in the Wireshark Bug tracking/advisory nor could I find these in the Red Hat Bugzilla (but I'm guessing as a CNA they have CVE #'s assigned?) Wireshark 1.2.17 fixes the following vulnerabilities: Large/infinite loop in the DICOM dissector. (Bug 5876) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1957
Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Diameter dictionary file could crash Wireshark. Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1958
Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted snoop file could crash Wireshark. (Bug 5912) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1959
David Maciejak of Fortinet's FortiGuard Labs discovered that malformed compressed capture data could crash Wireshark. (Bug 5908) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-2174
Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Visual Networks file could crash Wireshark. (Bug 5934) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-2175
http://www.wireshark.org/security/wnpa-sec-2011-07.html http://www.wireshark.org/security/wnpa-sec-2011-08.html
Thanks. -- JB
Current thread:
- CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues Kurt Seifried (May 31)
- Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues Huzaifa Sidhpurwala (May 31)
- Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues Josh Bressers (Jun 01)