oss-sec mailing list archives
CVE request for wireshark flaws
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 1 Nov 2011 15:51:35 -0600
Can I get CVEs assigned to the following wireshark flaws?

1) An uninitialized variable in the CSN.1 dissector could cause a crash.

Affects: 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-17.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
https://bugzilla.redhat.com/show_bug.cgi?id=750643

2) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that the Infiniband dissector could dereference a NULL pointer.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-18.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500
https://bugzilla.redhat.com/show_bug.cgi?id=750645

3) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a buffer overflow in the ERF file reader.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6479
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39508
https://bugzilla.redhat.com/show_bug.cgi?id=750648

--
Vincent Danen / Red Hat Security Response Team