It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affects 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1 and is fixed in upstream 1.8.2, 1.6.10, and 1.4.15 versions. http://www.wireshark.org/security/wnpa-sec-2012-23.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7573 The upstream is currently not public, so cannot obtain the svn commit that corrects this flaw.
Created wireshark tracking bugs for this issue Affects: fedora-all [bug 848593]
Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44403
wireshark-1.6.10-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
wireshark-1.6.10-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0125 https://rhn.redhat.com/errata/RHSA-2013-0125.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1569 https://rhn.redhat.com/errata/RHSA-2013-1569.html
Statement: (none)