Bug 590613 - (CVE-2010-1455) CVE-2010-1455 wireshark: DOCSIS dissector crash
CVE-2010-1455 wireshark: DOCSIS dissector crash
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 590615 612236 612237 612238 612239
  Show dependency treegraph
Reported: 2010-05-10 06:24 EDT by Tomas Hoger
Modified: 2015-07-31 02:26 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-04-22 16:26:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2010-05-10 06:24:32 EDT
Upstream wireshark versions 1.0.13 and 1.2.8 fix a flaw in the DOCSIS dissector.  This dissector used incorrect format string specified when printing certain values (%s was used to print numeric values, causing numeric value to be used as pointer), which could cause wireshark to crash or create garbaged output.

Upstream advisories:
1.0.13 http://www.wireshark.org/security/wnpa-sec-2010-03.html
1.2.8 http://www.wireshark.org/security/wnpa-sec-2010-04.html

Upstream bug reports:

Upstream commits:
Comment 2 Tomas Hoger 2010-05-10 06:29:57 EDT
As the impact of this flaw is limited to application crash, this rated as having low security impact and the issue may get addressed in future wireshark updates in Red Hat Enterprise Linux 3, 4 and 5.
Comment 3 Tomas Hoger 2010-05-14 02:52:56 EDT

The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Comment 5 errata-xmlrpc 2010-08-11 16:59:47 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0625 https://rhn.redhat.com/errata/RHSA-2010-0625.html

Note You need to log in before you can comment on or make changes to this bug.