Bug 824419 (CVE-2012-2394) - CVE-2012-2394 wireshark: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors (wnpa-sec-2012-10)
Summary: CVE-2012-2394 wireshark: Denial of service (crash) due memory alignment probl...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-2394
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 824426
Blocks: 824434
TreeView+ depends on / blocked
 
Reported: 2012-05-23 12:32 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:53 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-22 21:10:04 UTC


Attachments (Terms of Use)

Description Jan Lieskovsky 2012-05-23 12:32:58 UTC
It was reported that on SPARC and Itanium processors Wireshark, the network traffic analyzer, could terminate (crash due to bus errors) while processing packet capture file containing ICMP echo or ICMPv6 echo requests.

Upstream bug:
[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221

Upstream advisory:
[2] http://www.wireshark.org/security/wnpa-sec-2012-10.html

Comment 1 Jan Lieskovsky 2012-05-23 12:56:21 UTC
Created wireshark tracking bugs for this issue

Affects: fedora-all [bug 824426]

Comment 2 Jan Lieskovsky 2012-05-23 12:57:29 UTC
CVE Request:
[3] http://www.openwall.com/lists/oss-security/2012/05/23/10

Comment 3 Kurt Seifried 2012-05-23 18:20:02 UTC
Added CVE as per http://www.openwall.com/lists/oss-security/2012/05/23/17

Comment 4 Huzaifa S. Sidhpurwala 2012-05-30 06:12:51 UTC
The affected code segment does not exists in the version of wireshark shipped with Red Hat Enterprise Linux 5 and 6.

Statement:

Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6.


Note You need to log in before you can comment on or make changes to this bug.