Bug 1026540 (CVE-2013-6339) - CVE-2013-6339 wireshark: ActiveMQ OpenWire dissector large loop (wnpa-sec-2013-64)
Summary: CVE-2013-6339 wireshark: ActiveMQ OpenWire dissector large loop (wnpa-sec-201...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-6339
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1026544 1026546 1074925 1074926
Blocks: 1026543
TreeView+ depends on / blocked
 
Reported: 2013-11-04 22:41 UTC by Vincent Danen
Modified: 2021-02-17 07:12 UTC (History)
6 users (show)

Fixed In Version: wireshark 1.10.3, wireshark 1.8.11
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-25 16:32:03 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:0342 0 normal SHIPPED_LIVE Moderate: wireshark security update 2014-03-31 20:36:59 UTC

Description Vincent Danen 2013-11-04 22:41:45 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6339 to
the following vulnerability:

Name: CVE-2013-6339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6339
Assigned: 20131031
Reference: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-openwire.c?r1=52458&r2=52457&pathrev=52458
Reference: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-openwire.c?r1=52463&r2=52462&pathrev=52463
Reference: http://anonsvn.wireshark.org/viewvc?view=revision&revision=52458
Reference: http://anonsvn.wireshark.org/viewvc?view=revision&revision=52463
Reference: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9248

The dissect_openwire_type function in
epan/dissectors/packet-openwire.c in the OpenWire dissector in
Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote
attackers to cause a denial of service (loop) via a crafted packet.


External References:

http://www.wireshark.org/security/wnpa-sec-2013-64.html

Comment 3 Vincent Danen 2013-11-04 22:54:46 UTC
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 1026546]

Comment 4 Fedora Update System 2013-11-08 04:35:13 UTC
wireshark-1.10.3-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2013-11-11 02:28:24 UTC
wireshark-1.10.3-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2013-11-13 02:12:28 UTC
wireshark-1.10.3-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Huzaifa S. Sidhpurwala 2013-11-25 06:49:39 UTC
Statement:

This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5.

Comment 10 errata-xmlrpc 2014-03-31 16:37:50 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0342 https://rhn.redhat.com/errata/RHSA-2014-0342.html


Note You need to log in before you can comment on or make changes to this bug.