Bug 737787 (CVE-2011-3484) - CVE-2011-3484 Wireshark: OpenSafety dissector vulnerability
Summary: CVE-2011-3484 Wireshark: OpenSafety dissector vulnerability
Status: CLOSED ERRATA
Alias: CVE-2011-3484
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20110907,reported=2...
Keywords: Security
Depends On:
Blocks: 737788
TreeView+ depends on / blocked
 
Reported: 2011-09-13 05:15 UTC by Huzaifa S. Sidhpurwala
Modified: 2019-06-08 18:54 UTC (History)
5 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2011-09-13 05:16:49 UTC


Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2011-09-13 05:15:57 UTC
A large loop in the OpenSafety dissector could cause a crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This affects versions 1.6.0 to 1.6.1 and has been fixed in version 1.6.2

Reference:
http://www.wireshark.org/security/wnpa-sec-2011-12.html

This issue affects the versions of wireshark shipped with Fedora-14, Fedora-15
and the upcoming Fedora-16 and has been fixed via the following security
advisories:

https://admin.fedoraproject.org/updates/FEDORA-2011-12423
https://admin.fedoraproject.org/updates/FEDORA-2011-12403
https://admin.fedoraproject.org/updates/FEDORA-2011-12399

Comment 1 Huzaifa S. Sidhpurwala 2011-09-13 05:16:49 UTC
Statement:

Not vulnerable. This issue did not affect the versions of wireshark as shipped
with Red Hat Enterprise Linux 4, 5, or 6.

Comment 2 Vincent Danen 2011-09-14 21:59:54 UTC
This issue was assigned the name CVE-2011-3484.


Note You need to log in before you can comment on or make changes to this bug.