oss-sec mailing list archives

Re: CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector

From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Wed, 20 Jul 2011 12:25:12 +0530

On 07/19/2011 06:11 PM, Jan Lieskovsky wrote:

Hello Josh, Steve, vendors,

  an infinite loop was found in the way ANSI A Interface (IS-634/IOS)
dissector of the Wireshark network traffic analyzer processed certain
ANSI A MAP capture files. If Wireshark read a malformed packet off a
network or opened a malicious packet capture file, it could lead to
denial of service (Wireshark hang).

Upstream bug:
[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044

Public PoC:
[2]
http://www.wireshark.org/download/automated/captures/fuzz-2011-06-20-22762.pcap


Relevant upstream patch:
[3] http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930

References:
[4] http://www.wireshark.org/security/
[5] http://www.wireshark.org/security/wnpa-sec-2011-11.html
[6] http://www.wireshark.org/security/wnpa-sec-2011-10.html
[7] https://bugzilla.redhat.com/show_bug.cgi?id=723215

Could you allocate a CVE id for this?


This has been assigned CVE-2011-2698


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Current thread:

CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Jan Lieskovsky (Jul 19)
- Re: CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Huzaifa Sidhpurwala (Jul 19)