Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2284 to the following vulnerability: Name: CVE-2010-2284 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2284 Assigned: 20100614 Reference: MLIST:[oss-security] 20100610 CVE request for new wireshark vulnerabilities Reference: URL: http://www.openwall.com/lists/oss-security/2010/06/11/1 Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-05.html Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-06.html Reference: MANDRIVA:MDVSA-2010:113 Reference: URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:113 Reference: SECUNIA:40112 Reference: URL: http://secunia.com/advisories/40112 Reference: VUPEN:ADV-2010-1418 Reference: URL: http://www.vupen.com/english/advisories/2010/1418 Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. Upstream commits: trunk: http://anonsvn.wireshark.org/viewvc?view=rev&revision=32922 trunk: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33046 trunk-1.2: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33122 trunk-1.0: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33146
Created wireshark tracking bugs for this issue Affects: fedora-all [bug 549580]
This is a stack memory exhaustion issue, which means this is a relatively harmless crash. As a result, this is a low impact issue.
Upstream seems to have fixed the recursion issue, see https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4984#c14. It's reproducible using upstream capture http://www.wireshark.org/download/automated/captures/fuzz-2010-07-12-1799.pcap (loops infinitely) and http://www.wireshark.org/download/automated/captures/fuzz-2010-07-06-23547.pcap (crashes). Usage: $ tshark -nVr fuzz-2010-07-06-23547.pcap "frame.number != 0" >/dev/null Running as user "root" and group "root". This could be dangerous. Segmentation fault Both these issues (endless loop, crash) are reproducible only with unpatched upstream versions of wireshark-1.0.14, our old RHEL-5 version (1.0.8) does not crash!
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0625 https://rhn.redhat.com/errata/RHSA-2010-0625.html