Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2284 to
the following vulnerability:
Reference: MLIST:[oss-security] 20100610 CVE request for new wireshark vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2010/06/11/1
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-05.html
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-06.html
Reference: URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:113
Reference: URL: http://secunia.com/advisories/40112
Reference: URL: http://www.vupen.com/english/advisories/2010/1418
Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13
through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote
Created wireshark tracking bugs for this issue
Affects: fedora-all [bug 549580]
This is a stack memory exhaustion issue, which means this is a relatively harmless crash. As a result, this is a low impact issue.
Upstream seems to have fixed the recursion issue, see https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4984#c14.
It's reproducible using upstream capture http://www.wireshark.org/download/automated/captures/fuzz-2010-07-12-1799.pcap (loops infinitely) and http://www.wireshark.org/download/automated/captures/fuzz-2010-07-06-23547.pcap (crashes).
$ tshark -nVr fuzz-2010-07-06-23547.pcap "frame.number != 0" >/dev/null
Running as user "root" and group "root". This could be dangerous.
Both these issues (endless loop, crash) are reproducible only with unpatched upstream versions of wireshark-1.0.14, our old RHEL-5 version (1.0.8) does not crash!
This issue has been addressed in following products:
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0625 https://rhn.redhat.com/errata/RHSA-2010-0625.html