[arch-security] [Arch Linux Security Advisory ASA-201411-24] wireshark-qt: denial of service
Levente Polyak
anthraxx at archlinux.org
Thu Nov 20 19:42:32 UTC 2014
Arch Linux Security Advisory ASA-201411-24
==========================================
Severity: Medium
Date : 2014-11-20
CVE-ID : CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713
CVE-2014-8714
Package : wireshark-qt
Type : denial of service
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE-2014
Summary
=======
The package wireshark-qt before version 1.12.2-1 is vulnerable to
multiple issues leading to denial of service.
Resolution
==========
Upgrade to 1.12.2-1.
# pacman -Syu "wireshark-qt>=1.12.2-1"
The problems have been fixed upstream in version 1.12.2.
Workaround
==========
None.
Description
===========
- CVE-2014-8710 (out-of-bounds read)
Out-of-bounds read flaw in the SigComp dissector (sigcomp-udvm) leads to
denial of service while processing malformed packets.
- CVE-2014-8711 (out-of-bounds read)
The AMQP dissector is seeing a large value in the capture file for what
it thinks should be a field specifying the number of elements in an
array, resulting in undetected overflow (wrapping).
- CVE-2014-8712 (stack buffer overflow)
An issue in the NCP dissector while constructing strings may lead to
incorrect data length, resulting in stack buffer overflow and denial of
service.
- CVE-2014-8713 (denial of service)
An issue in the NCP dissector may lead to denial of service while
accessing an uninitialized buffer.
- CVE-2014-8714 (denial of service)
A missing exit when the offset is not incremented in the tn5250
dissector is leading to an endless loop, resulting in denial of service.
Impact
======
It may be possible to make wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.
References
==========
https://www.wireshark.org/lists/wireshark-users/201411/msg00004.html
https://www.wireshark.org/security/wnpa-sec-2014-20.html
https://www.wireshark.org/security/wnpa-sec-2014-21.html
https://www.wireshark.org/security/wnpa-sec-2014-22.html
https://www.wireshark.org/security/wnpa-sec-2014-23.html
https://access.redhat.com/security/cve/CVE-2014-8710
https://access.redhat.com/security/cve/CVE-2014-8711
https://access.redhat.com/security/cve/CVE-2014-8712
https://access.redhat.com/security/cve/CVE-2014-8713
https://access.redhat.com/security/cve/CVE-2014-8714
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10662
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10582
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10552
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10628
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10596
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20141120/cfb84524/attachment.bin>
More information about the arch-security
mailing list