It was reported that Wireshark's AMQP dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This is reported to affect Wireshark versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10582 The version of Wireshark in Red Hat Enterprise Linux 5 and 6 is older than 1.10.x, and may not be affected. The version of Wireshark in Red Hat Enterprise Linux 7 is affected. External References: https://www.wireshark.org/security/wnpa-sec-2014-21.html
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1163585]
upstream fix ------------ Info: https://code.wireshark.org/review/#/c/5176/ Patch1: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=patch;h=8f62bb7cce5a82baa543b14800fd7c12548b497a Patch2: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=patch;h=c44ff776c4d270a8ae1d2fea39eae8c0a14d9dd9
wireshark-1.10.11-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Analysis ======== In the various places of the amqp_0_10 code 32 bit size field is used as the size of the following data field which creates potential for overflows when using 32 bit arithmetic.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1460 https://rhn.redhat.com/errata/RHSA-2015-1460.html
Actually, in 1.10.x, it's fixed by c567c0e0d0d08760944d6674d827e96bdb242964.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2393 https://rhn.redhat.com/errata/RHSA-2015-2393.html
Statement: This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5