Date: Thu, 28 Jul 2016 13:34:27 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: Wireshark 2.0.5 and 1.12.13 security releases

Hello

Wireshark 2.0.5 and 1.12.13 were announced to contain fixes of the usual
dissector crash / endless loop read from wire or capture file type:

https://www.wireshark.org/lists/wireshark-announce/201607/msg00001.html


CORBA IDL dissector crash on 64-bit Windows (wnpa-sec-2016-39)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 2.0.0 to 2.0.4, fixed in 2.0.5
https://www.wireshark.org/security/wnpa-sec-2016-39.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495

NDS dissector crash (wnpa-sec-2016-40)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 1.12.0 to 1.12.12, fixed in 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-40.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576

PacketBB dissector could divide by zero (wnpa-sec-2016-41)
The PacketBB dissector could divide by zero. It may be possible to make
Wireshark crash by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file. Affects 2.0.0
to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-41.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577

WSP infinite loop (wnpa-sec-2016-42)
The WSP dissector could go into an infinite loop. It may be possible to
make Wireshark consume excessive CPU resources by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5,
1.12.13
https://www.wireshark.org/security/wnpa-sec-2016-42.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594

MMSE infinite loop (wnpa-sec-2016-43)
The MMSE dissector could go into an infinite loop. It may be possible to
make Wireshark consume excessive CPU resources by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 1.12.0 to 1.12.12, fixed in 1.12.13
https://www.wireshark.org/security/wnpa-sec-2016-43.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624

RLC long loop (wnpa-sec-2016-44)
The RLC dissector could go into a long loop. It may be possible to make
Wireshark consume excessive CPU resources by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5,
1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-44.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624

LDSS dissector crash (wnpa-sec-2016-45)
The LDSS dissector could crash. It may be possible to make Wireshark
crash by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file. Affects 2.0.0 to 2.0.4,
1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-45.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12662

RLC dissector crash (wnpa-sec-2016-46)
The RLC dissector could crash. It may be possible to make Wireshark
crash by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file. Affects 2.0.0 to 2.0.4,
1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-46.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664

OpenFlow long loop (wnpa-sec-2016-47)
The OpenFlow dissector (and possibly others) could go into a long loop.
It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file. Affects 2.0.0 to 2.0.4, 1.12.0 to
1.12.12, fixed in 2.0.5, 1.12.13.
https://www.wireshark.org/security/wnpa-sec-2016-47.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12659

MMSE, WAP, WBXML, and WSP infinite loop (wnpa-sec-2016-48)
The MMSE, WAP, WBXML, and WSP dissectors could go into an infinite loop.
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file. Affects 2.0.0 to 2.0.4, fixed in 2.0.5.
https://www.wireshark.org/security/wnpa-sec-2016-48.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661

WBXML crash (wnpa-sec-2016-49)
The WBXML dissector could crash. It may be possible to make Wireshark
crash by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file. Affects 2.0.0 to 2.0.4,
fixed in 2.0.5
https://www.wireshark.org/security/wnpa-sec-2016-49.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663


Could CVE please be assigned?

With kind regards,
Andreas Stieger

-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)

