Bug 1163584 (CVE-2014-8710)

Summary: CVE-2014-8710 wireshark: SigComp dissector crash (wnpa-sec-2014-20)
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ebenes, huzaifas, lemenkov, phatina, rvokal, sisharma
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: wireshark 1.12.2, wireshark 1.10.11 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-20 04:47:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1163585, 1208005, 1245763    
Bug Blocks: 1163586, 1210268    

Description Murray McAllister 2014-11-13 04:29:51 UTC
It was reported that Wireshark's SigComp dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

This is reported to affect Wireshark versions 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.


The version of Wireshark in Red Hat Enterprise Linux 5 and 6 is older than 1.10.x, and may not be affected. The version of Wireshark in Red Hat Enterprise Linux 7 is affected.

External References:


Comment 1 Murray McAllister 2014-11-13 04:33:18 UTC
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 1163585]

Comment 2 Siddharth Sharma 2014-11-14 12:38:46 UTC
upstream fix

Patch1:  https://code.wireshark.org/review/gitweb?p=wireshark.git;a=patch;h=9a2e8ead5c93e5af78881fb1c0e1ac4d648e2d58

Comment 3 Fedora Update System 2014-12-04 06:22:13 UTC
wireshark-1.10.11-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Siddharth Sharma 2015-01-14 19:16:39 UTC

In the code of Wireshark's SigComp dissector, calling of following function could lead to crash by largely increasing the value of 'n'  
proto_tree_add_string(udvm_tree,hf_id, bytecode_tvb, 0, 0, bytes_to_str(sha1_digest_buf, state_minimum_access_length_buff[n]));

Comment 9 errata-xmlrpc 2015-07-22 07:24:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1460 https://rhn.redhat.com/errata/RHSA-2015-1460.html

Comment 16 errata-xmlrpc 2015-11-19 12:36:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2393 https://rhn.redhat.com/errata/RHSA-2015-2393.html

Comment 17 Huzaifa S. Sidhpurwala 2015-11-20 04:47:57 UTC

This issue affects the verison of wireshark as shipped with Red Hat Enterprsie Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.