oss-sec mailing list archives
Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 17 Sep 2009 17:44:26 +0200
Hello Gerald, Steve, vendors,
this is due:
http://www.wireshark.org/security/wnpa-sec-2009-05.html
http://www.wireshark.org/security/wnpa-sec-2009-06.html
Gerald, could you please confirm that:
A, The AFS dissector could crash. (Bug 3564)
Versions affected: 0.9.2 to 1.0.8, 1.2.0
is already assigned http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2562 and
B, The Infiniband dissector could crash on some platforms.
Versions affected: 0.9.2 to 1.0.8, 1.2.0
is already assigned http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563 ?
Steve, once confirmed, could you please allocate CVE ids for
the remaining three issues:
* The OpcUa dissector could use excessive CPU and memory. (Bug 3986)
Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1
Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3986
Upstream patch: http://anonsvn.wireshark.org/viewvc?view=rev&revision=29813
* The GSM A RR dissector could crash. (Bug 3893)
Versions affected: 1.2.0 to 1.2.1
Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3893
Upstream patch: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_rr.c?view=log&pathrev=29403
* The TLS dissector could crash on some platforms. (Bug 4008)
Versions affected: 1.2.0 to 1.2.1
Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4008
Upstream patch: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dtls.c?view=log&pathrev=29906
Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
