It was reported that Wireshark's SigComp dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This is reported to affect Wireshark versions 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10662 The version of Wireshark in Red Hat Enterprise Linux 5 and 6 is older than 1.10.x, and may not be affected. The version of Wireshark in Red Hat Enterprise Linux 7 is affected. External References: https://www.wireshark.org/security/wnpa-sec-2014-20.html
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1163585]
upstream fix ------------ Patch1: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=patch;h=9a2e8ead5c93e5af78881fb1c0e1ac4d648e2d58
wireshark-1.10.11-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Analysis ======== In the code of Wireshark's SigComp dissector, calling of following function could lead to crash by largely increasing the value of 'n' ... proto_tree_add_string(udvm_tree,hf_id, bytecode_tvb, 0, 0, bytes_to_str(sha1_digest_buf, state_minimum_access_length_buff[n])); ...
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1460 https://rhn.redhat.com/errata/RHSA-2015-1460.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2393 https://rhn.redhat.com/errata/RHSA-2015-2393.html
Statement: This issue affects the verison of wireshark as shipped with Red Hat Enterprsie Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.