Bug 783363 - (CVE-2012-0067) CVE-2012-0067 Wireshark: DoS due to integer overflow in IPTrace capture format parser
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
low Severity low
Assigned To: Red Hat Product Security
impact=low,public=20120110,reported=2...
: Security
Depends On: 781268 809045 809046 834180
Blocks: 773730 807617 816611
Reported: 2012-01-20 01:22 EST by Huzaifa S. Sidhpurwala
Modified: 2016-03-04 06:05 EST

Doc Type: Bug Fix
Last Closed: 2013-01-08 04:13:04 EST

Description Huzaifa S. Sidhpurwala 2012-01-20 01:22:01 EST
An integer overflow flaw leading to denial of service (application crash) was found in the way Wireshark parsed files in the IPTrace capture format. It may be possible to make Wireshark crash by convincing someone to read a malformed IPTrace packet capture file. This is corrected in upstream 1.4.11 and 1.6.5.

Reference:
http://www.wireshark.org/security/wnpa-sec-2012-01.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668

Patch:
http://anonsvn.wireshark.org/viewvc?view=revision&revision=40167
Comment 2 Huzaifa S. Sidhpurwala 2012-01-20 01:52:15 EST
This issue affects the version of wireshark shipped with Fedora 15 and Fedora
16 and has been addressed in the following security advisories:

https://admin.fedoraproject.org/updates/wireshark-1.4.11-1.fc15
https://admin.fedoraproject.org/updates/wireshark-1.6.5-1.fc16
Comment 4 errata-xmlrpc 2012-04-23 12:52:56 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0509 https://rhn.redhat.com/errata/RHSA-2012-0509.html
Comment 6 errata-xmlrpc 2013-01-08 00:00:53 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0125 https://rhn.redhat.com/errata/RHSA-2013-0125.html
Comment 8 Huzaifa S. Sidhpurwala 2013-01-08 04:13:04 EST
Statement:

(none)