Multiple dissector memory leaks fixed in 3.4.1.
Created wireshark tracking bugs for this issue:
Affects: fedora-all [bug 1919918]
This issue does not affect the versions of `wireshark` as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8, as the vulnerable code was introduced in a newer version of the package.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
In reply to comment #4:
> This issue does not affect the versions of `wireshark` as shipped with Red
> Hat Enterprise Linux 5, 6, 7, and 8, as the vulnerable code was introduced
> in a newer version of the package.
Specifically, it looks like the vulnerable code in _proto_tree_add_bits_ret_val() was introduced in version 3.4.0 via the following commit:
RHEL-8 ships an older version of wireshark (2.6) which is not affected by this flaw.