Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2285 to the following vulnerability: Name: CVE-2010-2285 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2285 Assigned: 20100614 Reference: MLIST:[oss-security] 20100610 CVE request for new wireshark vulnerabilities Reference: URL: http://www.openwall.com/lists/oss-security/2010/06/11/1 Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-05.html Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-06.html Reference: MANDRIVA:MDVSA-2010:113 Reference: URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:113 Reference: SECUNIA:40112 Reference: URL: http://secunia.com/advisories/40112 Reference: VUPEN:ADV-2010-1418 Reference: URL: http://www.vupen.com/english/advisories/2010/1418 The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. Upstream commits: trunk: http://anonsvn.wireshark.org/viewvc?view=rev&revision=32848 trunk-1.2: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33120 trunk-1.0: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33143
Created wireshark tracking bugs for this issue Affects: fedora-all [bug 549580]
This is a *printf("%s", NULL) flaw. This leads to crash on some platforms, but this problem does not affect glibc printf functions implementation. Statement: Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.