A denial of service flaw was found in the way ETCH dissector of Wireshark, a network traffic analyzer, processed certain ETCH packet capture files. A remote attacker could provide a specially-crafted ETCH packet capture file that, when processed, would lead to wireshark executable to enter large loop (denial of service) when trying to dissect that file. Upstream bug report: [1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464 Reproducer: [2] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464#c0 Upstream patch: [3] http://anonsvn.wireshark.org/viewvc?view=revision&revision=48919
Upstream advisory: http://www.wireshark.org/security/wnpa-sec-2013-31.html The version of wireshark shipped with Red Hat Enterprise Linux 5 and 6 does not have support for Apache Etch Protocol.
Statement: Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6.
Created wireshark tracking bugs for this issue Affects: fedora-18 [bug 965942]
*** This bug has been marked as a duplicate of bug 966331 ***