Red Hat Bugzilla – Bug 990180
CVE-2013-4936 wireshark: DoS (NULL pointer dereference, crash) in the PROFINET Real-Time dissector (wnpa-sec-2013-53)
Last modified: 2016-03-04 07:40:13 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4936 to the following vulnerability:
The dissect_smtp function in epan/dissectors/packet-smtp.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
The patches mentioned in comment #0 are not correct. The correct patch which corrects this flaw is:
This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:1569 https://rhn.redhat.com/errata/RHSA-2013-1569.html
(In reply to Huzaifa S. Sidhpurwala from comment #2)
> This issue affects the version of wireshark as shipped with Red Hat
> Enterprise Linux 5. The Red Hat Security Response Team has rated this issue
> as having low security impact, a future update may address this flaw.
Having looked at the upstream bug report, I can't make tshark crash using provided capture file. The code doesn't dereference mentioned pointers.
IsDFP_Frame() isn't even present.
Can you, please, investigate this flaw again?