Bug 824419 - (CVE-2012-2394) CVE-2012-2394 wireshark: Denial of service (crash) due to memory alignment problem on SPARC and Itanium processors (wnpa-sec-2012-10)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
low Severity low
Assigned To: Red Hat Product Security
impact=low,public=20120521,reported=2...
: Security
Depends On: 824426
Blocks: 824434
Reported: 2012-05-23 08:32 EDT by Jan Lieskovsky
Modified: 2016-11-08 11:14 EST
Doc Type: Bug Fix
Last Closed: 2014-04-22 17:10:04 EDT

Description Jan Lieskovsky 2012-05-23 08:32:58 EDT
It was reported that on SPARC and Itanium processors Wireshark, the network traffic analyzer, could terminate (crash due to bus errors) while processing a packet capture file containing ICMP echo or ICMPv6 echo requests.

Upstream bug:
[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221

Upstream advisory:
[2] http://www.wireshark.org/security/wnpa-sec-2012-10.html
Comment 1 Jan Lieskovsky 2012-05-23 08:56:21 EDT
Created wireshark tracking bugs for this issue

Affects: fedora-all [bug 824426]
Comment 2 Jan Lieskovsky 2012-05-23 08:57:29 EDT
CVE Request:
[3] http://www.openwall.com/lists/oss-security/2012/05/23/10
Comment 3 Kurt Seifried 2012-05-23 14:20:02 EDT
Added CVE as per http://www.openwall.com/lists/oss-security/2012/05/23/17
Comment 4 Huzaifa S. Sidhpurwala 2012-05-30 02:12:51 EDT
The affected code segment does not exist in the version of wireshark shipped with Red Hat Enterprise Linux 5 and 6.

Statement:

Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6.
