Date: Tue, 12 May 2015 11:13:55 +0100 From: Stuart Henderson <stu@...cehopper.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: wireshark: crash on a sample capture file genbroad.snoop On 2015/05/11 17:20, Mgr. Martin Žember wrote: > Hello, > > I would like to request a CVE for the following issue: > > wireshark crashes on a sample capture file genbroad.snoop > > References: > https://bugzilla.redhat.com/show_bug.cgi?id=1219409 Given the nature of the task (decoding network traffic, which is quite often truncated or malicious, in C) and the wide protocol support, it's no big surprise that this type of bug shows up so frequently. I always thought it was a pity that Wireshark's privilege separation only concerns itself with handling captures as root while running the main body of the program as a normal userid (rather than specifically running the risky code, i.e. the dissectors, jailed as an unprivileged user).
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ