From https://www.wireshark.org/security/wnpa-sec-2015-07.html Name: WCP dissector crash Docid: wnpa-sec-2015-07 Date: March 4, 2015 Affected versions: 1.12.0 to 1.12.3, 1.10.0 to 1.10.12 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10844 Upstream 1.10.x patch: https://code.wireshark.org/review/#/c/6516/ Description: The WCP dissector could crash while decompressing data. Impact: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1199173]
Statement: Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5, and 6.
Patch ===== https://code.wireshark.org/review/gitweb?p=wireshark.git;a=patch;h=abebbb99519cbf920ea4c495741ed9c7b5774def POC === https://www.wireshark.org/download/automated/captures/fuzz-2015-01-09-27534.pcap
(In reply to Siddharth Sharma from comment #3) > Patch > ===== > > https://code.wireshark.org/review/gitweb?p=wireshark.git;a=patch; > h=abebbb99519cbf920ea4c495741ed9c7b5774def > > > POC > === > https://www.wireshark.org/download/automated/captures/fuzz-2015-01-09-27534. > pcap Mentioned patch doesn't address the flaw. This is the correct one: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2188
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2393 https://rhn.redhat.com/errata/RHSA-2015-2393.html