Bug 245797 (CVE-2007-3391)

Summary: CVE-2007-3391 Wireshark loops infinitely when inspecting DCP ETSI traffic
Product: [Other] Security Response Reporter: Red Hat Product Security <security-response-team>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: rvokal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1264
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-25 08:48:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 247617, 247618, 247619, 247621, 247622, 247623    
Bug Blocks:    
Attachments:
Description Flags
Capture file of DCP ECPI traffic that makes Wireshark enter infinite loop
none
Patch for Wireshark DCP ETSI decoder that should fix an infinite loop none

Description Lubomir Kundrak 2007-06-26 18:59:56 UTC 
Description of problem:

Wireshark enters an infinite loop and crashes after exhausting system memory
when attempting to dissect certain malformed DCP ETSI traffic.

Version-Release number of selected component (if applicable):

Wireshark 0.99.5

Steps to Reproduce:
1. Open the attached capture with the Wireshark GUI

Additional info:

This is fixed in upstream revision 21007.
Comment 1 Lubomir Kundrak 2007-06-26 18:59:56 UTC 
Created attachment 157938 [details]
Capture file of DCP ECPI traffic that makes Wireshark enter infinite loop
Comment 2 Lubomir Kundrak 2007-06-26 19:01:34 UTC 
Created attachment 157939 [details]
Patch for Wireshark DCP ETSI decoder that should fix an infinite loop

This patch comes from upstream BTS. Most likely it doesn't differ from the
changeset of revision referred to in the bug description.
Comment 7 Red Hat Product Security 2008-07-25 08:48:11 UTC 
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0710.html
  http://rhn.redhat.com/errata/RHSA-2007-0709.html
  http://rhn.redhat.com/errata/RHSA-2008-0059.html
Comment 8 Red Hat Bugzilla 2009-10-23 19:05:54 UTC 
Reporter changed to security-response-team by request of Jay Turner.