Red Hat Bugzilla – Bug 807644
CVE-2012-1595 wireshark: Heap-based buffer overflow when reading ERF packets from pcap/pcap-ng trace files
Last modified: 2016-03-04 07:26:37 EST
An integer underflow, subsequently leading to request to allocate a large amount of memory was found in the way pcap and pcap-ng file parsers of Wireshark, a network traffic analyzer, processed Extension and / or Multi-Channel header information in ERF files. A remote attacker could provide a specially-crafted packet capture file (with size of full pseudoheader being greater than the packet size), which once opened by a local unsuspecting user would lead to wireshark executable abort.
Upstream bug report:
Relevant upstream patch:
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/28/13
Created wireshark tracking bugs for this issue
Affects: fedora-15 [bug 808974]
Affects: fedora-16 [bug 808973]
wireshark-1.4.12-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
wireshark-1.6.6-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2012:0509 https://rhn.redhat.com/errata/RHSA-2012-0509.html
This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5.