Bug 1655940 (CVE-2018-19627)

Summary: CVE-2018-19627 wireshark: IxVeriWave parser crash
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: denis, huzaifas, lemenkov, mruprich, msehnout, phatina, rvokal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: wireshark 2.6.5, wireshark 2.4.11 Doc Type: If docs needed, set a value
Doc Text:
An out of bounds heap read vulnerability in the wiretap library of Wireshark could allow Wireshark to crash when parsing specially crafted pcap file.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-12 13:06:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1655944, 1657184    
Bug Blocks: 1655949    

Description Andrej Nemec 2018-12-04 09:56:51 UTC
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.

Upstream issue:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15279

Upstream patch:

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bdc33cfaecb1b4cf2c114ed9015713ddf8569a60

External References:

https://www.wireshark.org/security/wnpa-sec-2018-55.html

Comment 1 Andrej Nemec 2018-12-04 10:01:50 UTC
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 1655944]

Comment 3 Adam Mariš 2018-12-07 11:35:24 UTC
Statement:

This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Comment 5 Adam Mariš 2018-12-18 12:16:37 UTC
Used AV:L as wiretap library is used for reading capture files, rather than packet capture.

Comment 6 Product Security DevOps Team 2019-07-12 13:06:19 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-19627