Bug 824411 (CVE-2012-2392)
Summary: | CVE-2012-2392 wireshark: Infinite and large loops in ANSI MAP, ASF, IEEE 802.11, IEEE 802.3, and LTP dissectors (wnpa-sec-2012-08) | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | huzaifas, jsafrane, rvokal |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2013-11-22 03:12:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 824426, 994924, 1004712 | | |
Bug Blocks: | 824434, 974906 | | |

Description
Jan Lieskovsky
2012-05-23 12:23:18 UTC

Created wireshark tracking bugs for this issue

Affects: fedora-all [bug 824426]

CVE Request:
[10] http://www.openwall.com/lists/oss-security/2012/05/23/10

Added CVE as per http://www.openwall.com/lists/oss-security/2012/05/23/17

IPMI dissector case yet:
[11] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7123

From the list of affected dissectors mentioned in comment #0, only 2 of them affect the version of wireshark shipped with Red Hat Enterprise Linux 6, namely the ANSIMAP and HCIEVT are affected only.

Additional two CVE identifiers have been assigned to set of dissector flaws, as originally listed in this bugzilla:

1) CVE-2012-3825 (bug #836960) for the BACapp and Bluetooth HCI case,

2) CVE-2012-3826 (bug #836961) for the R3 dissector case.

The CVE-2012-2392 CVE identifier got described as follows:
----------------------------------------------------------

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.

with references:
----------------

http://www.wireshark.org/security/wnpa-sec-2012-08.html

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:1569 https://rhn.redhat.com/errata/RHSA-2013-1569.html

Statement:

(none)