[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request for new wireshark vulnerabilities
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2010-06-14 20:30:36
Message-ID: Pine.GSO.4.64.1006141629410.13177 () faron ! mitre ! org
[Download RAW message or body]
On Thu, 10 Jun 2010, Vincent Danen wrote:
>> The SMB dissector could dereference a NULL pointer.
>> Fixed in trunk: r32650
>> Fixed in trunk-1.2: r33142
>> Fixed in trunk-1.0: r33145
>> Bug 4734
>> Versions affected: 0.99.6 to 1.0.13, 1.2.0 to 1.2.8
Use CVE-2010-2283
>> J. Oquendo discovered that the ASN.1 BER dissector could overrun
>> the stack.
>> Fixed in trunk: r32922, r33046
>> Fixed in trunk-1.2: r33122
>> Fixed in trunk-1.0: r33146
>> Versions affected: 0.10.13 to 1.0.13, 1.2.0 to 1.2.8
Use CVE-2010-2284
>> The SMB PIPE dissector could dereference a NULL pointer on some
>> platforms.
>> Fixed in trunk: r32848
>> Fixed in trunk-1.2: r33120
>> Fixed in trunk-1.0: r33143
>> Versions affected: 0.8.20 to 1.0.13, 1.2.0 to 1.2.8
Use CVE-2010-2285
>> The SigComp Universal Decompressor Virtual Machine could go into
>> an infinite loop.
>> Fixed in trunk: r33061, r33065
>> Fixed in trunk-1.2: r33131
>> Fixed in trunk-1.0: r33147
>> Bug 4826
>> Versions affected: 0.10.7 to 1.0.13, 1.2.0 to 1.2.8
Use CVE-2010-2286
>> The SigComp Universal Decompressor Virtual Machine could overrun
>> a buffer.
>> Fixed in trunk: r33087, r33090
>> Fixed in trunk-1.2: r33134
>> Fixed in trunk-1.0: r33149
>> Bug 4837
>> Versions affected: 0.10.8 to 1.0.13, 1.2.0 to 1.2.8
Use CVE-2010-2287
- Steve
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic