A NULL pointer dereference flaw was found in the way Wireshark processed certain Diameter dictionary files. A remote attacker could create a specially-crafted dictionary file, which once used, by a local, unsuspecting user when loading a Diameter capture file could lead to wireshark application crash. References: [1] http://www.openwall.com/lists/oss-security/2011/05/31/20 (CVE request) [2] http://www.wireshark.org/security/wnpa-sec-2011-07.html (upstream advisory)
This issue affects the versions of the wireshark package, as shipped with Red Hat Enterprise Linux 4, 5, and 6. -- This issue affects the versions of the wireshark package, as shipped with Fedora release of 13, 14, and 15.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0509 https://rhn.redhat.com/errata/RHSA-2012-0509.html
Current Fedora has wireshark 1.4.12 which is not affected by this flaw.
Acknowledgements: This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0125 https://rhn.redhat.com/errata/RHSA-2013-0125.html
Statement: (none)