Bug 824419 (CVE-2012-2394) - CVE-2012-2394 wireshark: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors (wnpa-sec-2012-10)
Summary: CVE-2012-2394 wireshark: Denial of service (crash) due memory alignment probl...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-2394
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 824426
Blocks: 824434
TreeView+ depends on / blocked
 
Reported: 2012-05-23 12:32 UTC by Jan Lieskovsky
Modified: 2021-02-23 14:42 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-22 21:10:04 UTC
Embargoed:

Attachments (Terms of Use)

Description Jan Lieskovsky 2012-05-23 12:32:58 UTC 
It was reported that on SPARC and Itanium processors Wireshark, the network traffic analyzer, could terminate (crash due to bus errors) while processing packet capture file containing ICMP echo or ICMPv6 echo requests.

Upstream bug:
[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221

Upstream advisory:
[2] http://www.wireshark.org/security/wnpa-sec-2012-10.html
Comment 1 Jan Lieskovsky 2012-05-23 12:56:21 UTC 
Created wireshark tracking bugs for this issue

Affects: fedora-all [bug 824426]
Comment 2 Jan Lieskovsky 2012-05-23 12:57:29 UTC 
CVE Request:
[3] http://www.openwall.com/lists/oss-security/2012/05/23/10
Comment 3 Kurt Seifried 2012-05-23 18:20:02 UTC 
Added CVE as per http://www.openwall.com/lists/oss-security/2012/05/23/17
Comment 4 Huzaifa S. Sidhpurwala 2012-05-30 06:12:51 UTC 
The affected code segment does not exists in the version of wireshark shipped with Red Hat Enterprise Linux 5 and 6.

Statement:

Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6.
Note You need to log in before you can comment on or make changes to this bug.