Bug 1219409 (CVE-2015-3182)
Summary: | CVE-2015-3182 wireshark: crash on sample file genbroad.snoop | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | carnil, gharris, huzaifas, jrusnack, lemenkov, osoukup, phatina, rvokal, sisharma |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-20 04:51:05 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1219410, 1245763 | ||
Bug Blocks: | 1210268, 1268749 |
Description
Martin Prpič
2015-05-07 09:20:32 UTC
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1219410] This bug is due to a failure by the epan/dissectors/packet-dec-dnart.c dissector to include the <epan/wmem/wmem.h> header to properly declare the wmem_strdup() routine as returning a pointer, so, on LP64 platforms, its 64-bit pointer result gets shortened to an int and then widened back to a pointer. This bug should not exist in Wireshark 1.12.x, for all values of x, as the change that introduced the call to wmem_strdup() in packet-dec-dnart.c also added an include of <epan/wmem/wmem.h>. However, it *does* exist in 1.10.x, for at least some values of x, as, when the change in question was backported, the include was *not* added. I have checked in a change to fix this: https://code.wireshark.org/review/8661 That fix, along with https://code.wireshark.org/review/8660 which is a fix for *another* problem revealed by compiling with -Werror (-Werror is your friend!), and possibly other fixes I check in as I fix more -Werror-detected problems, should be in the next 1.10.x Wireshark release, which should be 1.10.15. It has not yet been scheduled. If you want to pick up individual fixes, go ahead. (In reply to Guy Harris from comment #3) > However, it *does* exist in 1.10.x, for at least some values of x In particular, for x >= 12. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2393 https://rhn.redhat.com/errata/RHSA-2015-2393.html |