A denial of service flaw was found in the way ASN.1 BER dissector of Wireshark, a network traffic analyzer, processed certain ASN.1 BER packet capture files. Remote attacker could provide a specially-crafted ASN.1 BER packet capture file that, when processed would lead to tshark executable crash. Upstream bug report: [1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599 Reproducer: [2] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599#c0 [3] http://www.wireshark.org/download/automated/captures/fuzz-2013-04-20-29140.pcap Upstream patches: [4] http://anonsvn.wireshark.org/viewvc?view=revision&revision=48943 Note: This issue has been split from bug 965193, please see the following link for more details: https://bugzilla.redhat.com/show_bug.cgi?id=965193#c5
Statement: Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6.
This issue does not affect the version of wireshark as shipped with Fedora 17 and Fedora 18
Upstream advisory: http://www.wireshark.org/security/wnpa-sec-2013-25.html