Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Jul 2016 13:34:27 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: Wireshark 2.0.5 and 1.12.13 security releases

Hello

Wireshark 2.0.5 and 1.12.13 were announced to contain fixes of the usual
dissector crash / endless loop read from wire or capture file type:

https://www.wireshark.org/lists/wireshark-announce/201607/msg00001.html


CORBA IDL dissector crash on 64-bit Windows (wnpa-sec-2016-39)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 2.0.0 to 2.0.4, fixed in 2.0.5
https://www.wireshark.org/security/wnpa-sec-2016-39.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495

NDS dissector crash (wnpa-sec-2016-40)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 1.12.0 to 1.12.12, fixed in 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-40.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576

PacketBB dissector could divide by zero (wnpa-sec-2016-41)
The PacketBB dissector could divide by zero. It may be possible to make
Wireshark crash by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file. Affects 2.0.0
to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-41.html
\https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577

wnpa-sec-2016-42
WSP infinite loop (wnpa-sec-2016-42)
The WSP dissector could go into an infinite loop. It may be possible to
make Wireshark consume excessive CPU resources by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 , fixed in 2.0.5,
1.12.13
https://www.wireshark.org/security/wnpa-sec-2016-42.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594

MMSE infinite loop (wnpa-sec-2016-43)
The MMSE dissector could go into an infinite loop. It may be possible to
make Wireshark consume excessive CPU resources by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 1.12.0 to 1.12.12, fixed 1.12.13
https://www.wireshark.org/security/wnpa-sec-2016-43.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624

RLC long loop (wnpa-sec-2016-44)
The RLC dissector could go into a long loop. It may be possible to make
Wireshark consume excessive CPU resources by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects  2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5,
1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-44.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624

LDSS dissector crash (wnpa-sec-2016-45)
The LDSS dissector could crash. It may be possible to make Wireshark
crash by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file. Affects 2.0.0 to 2.0.4,
1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-45.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12662

RLC dissector crash (wnpa-sec-2016-46)
The RLC dissector could crash. It may be possible to make Wireshark
crash by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file. Affects 2.0.0 to 2.0.4,
1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-46.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664

OpenFlow long loop (wnpa-sec-2016-47)
The OpenFlow dissector (and possibly others) could go into a long loop.
It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file. Affects 2.0.0 to 2.0.4, 1.12.0 to
1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-47.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12659

MMSE, WAP, WBXML, and WSP infinite loop (wnpa-sec-2016-48)
The MMSE, WAP, WBXML, and WSP dissectors could go into an infinite loop.
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 2.0.0 to 2.0.4, fixed in 2.0.5.
https://www.wireshark.org/security/wnpa-sec-2016-48.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661

WBXML crash (wnpa-sec-2016-49)
The WBXML dissector could crash. It may be possible to make Wireshark
crash by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file. Affects 2.0.0 to 2.0.4,
fixed in 2.0.5
https://www.wireshark.org/security/wnpa-sec-2016-49.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663


Could CVE please be assigned?

With kind regards,
Andreas Stieger

-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton,
HRB 21284 (AG N├╝rnberg)


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ