Bug 737787 (CVE-2011-3484) - CVE-2011-3484 Wireshark: OpenSafety dissector vulnerability
Summary: CVE-2011-3484 Wireshark: OpenSafety dissector vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-3484
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 737788
TreeView+ depends on / blocked
 
Reported: 2011-09-13 05:15 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-02-24 14:44 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-13 05:16:49 UTC
Embargoed:

Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2011-09-13 05:15:57 UTC 
A large loop in the OpenSafety dissector could cause a crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This affects versions 1.6.0 to 1.6.1 and has been fixed in version 1.6.2

Reference:
http://www.wireshark.org/security/wnpa-sec-2011-12.html

This issue affects the versions of wireshark shipped with Fedora-14, Fedora-15
and the upcoming Fedora-16 and has been fixed via the following security
advisories:

https://admin.fedoraproject.org/updates/FEDORA-2011-12423
https://admin.fedoraproject.org/updates/FEDORA-2011-12403
https://admin.fedoraproject.org/updates/FEDORA-2011-12399
Comment 1 Huzaifa S. Sidhpurwala 2011-09-13 05:16:49 UTC 
Statement:

Not vulnerable. This issue did not affect the versions of wireshark as shipped
with Red Hat Enterprise Linux 4, 5, or 6.
Comment 2 Vincent Danen 2011-09-14 21:59:54 UTC 
This issue was assigned the name CVE-2011-3484.
Note You need to log in before you can comment on or make changes to this bug.