[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request: Wireshark 2.0.5 and 1.12.13 security releases
From:       Andreas Stieger <astieger () suse ! com>
Date:       2016-07-28 11:34:27
Message-ID: 02218f3b-90ba-87cb-f0f9-2e576eae6917 () suse ! com
[Download RAW message or body]

Hello

Wireshark 2.0.5 and 1.12.13 were announced to contain fixes of the usual
dissector crash / endless loop read from wire or capture file type:

https://www.wireshark.org/lists/wireshark-announce/201607/msg00001.html


CORBA IDL dissector crash on 64-bit Windows (wnpa-sec-2016-39)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 2.0.0 to 2.0.4, fixed in 2.0.5
https://www.wireshark.org/security/wnpa-sec-2016-39.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495

NDS dissector crash (wnpa-sec-2016-40)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 1.12.0 to 1.12.12, fixed in 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-40.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576

PacketBB dissector could divide by zero (wnpa-sec-2016-41)
The PacketBB dissector could divide by zero. It may be possible to make
Wireshark crash by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file. Affects 2.0.0
to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-41.html
\https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577

wnpa-sec-2016-42
WSP infinite loop (wnpa-sec-2016-42)
The WSP dissector could go into an infinite loop. It may be possible to
make Wireshark consume excessive CPU resources by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 , fixed in 2.0.5,
1.12.13
https://www.wireshark.org/security/wnpa-sec-2016-42.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594

MMSE infinite loop (wnpa-sec-2016-43)
The MMSE dissector could go into an infinite loop. It may be possible to
make Wireshark consume excessive CPU resources by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 1.12.0 to 1.12.12, fixed 1.12.13
https://www.wireshark.org/security/wnpa-sec-2016-43.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624

RLC long loop (wnpa-sec-2016-44)
The RLC dissector could go into a long loop. It may be possible to make
Wireshark consume excessive CPU resources by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects  2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5,
1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-44.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624

LDSS dissector crash (wnpa-sec-2016-45)
The LDSS dissector could crash. It may be possible to make Wireshark
crash by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file. Affects 2.0.0 to 2.0.4,
1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-45.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12662

RLC dissector crash (wnpa-sec-2016-46)
The RLC dissector could crash. It may be possible to make Wireshark
crash by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file. Affects 2.0.0 to 2.0.4,
1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-46.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664

OpenFlow long loop (wnpa-sec-2016-47)
The OpenFlow dissector (and possibly others) could go into a long loop.
It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file. Affects 2.0.0 to 2.0.4, 1.12.0 to
1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-47.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12659

MMSE, WAP, WBXML, and WSP infinite loop (wnpa-sec-2016-48)
The MMSE, WAP, WBXML, and WSP dissectors could go into an infinite loop.
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 2.0.0 to 2.0.4, fixed in 2.0.5.
https://www.wireshark.org/security/wnpa-sec-2016-48.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661

WBXML crash (wnpa-sec-2016-49)
The WBXML dissector could crash. It may be possible to make Wireshark
crash by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file. Affects 2.0.0 to 2.0.4,
fixed in 2.0.5
https://www.wireshark.org/security/wnpa-sec-2016-49.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663


Could CVE please be assigned?

With kind regards,
Andreas Stieger

-- 
Andreas Stieger <astieger@suse.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)


[prev in list] [next in list] [prev in thread] [next in thread]