Description The QUIC dissector could crash. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd9e905c82b1eddf42123ed911c6c19e42d2876c commit dd9e905c82b1eddf42123ed911c6c19e42d2876c Author: Sam James <sam@gentoo.org> AuthorDate: 2020-12-20 04:34:04 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-12-20 04:34:10 +0000 net-analyzer/wireshark: bump to 3.4.2 Bug: https://bugs.gentoo.org/760800 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 1 + net-analyzer/wireshark/wireshark-3.4.2.ebuild | 259 ++++++++++++++++++++++++++ 2 files changed, 260 insertions(+)
amd64 done
arm done
x86 stable
arm64 done
ppc64 done all arches done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=181b6a478073f4f88bc41a164fe76516990a4bbd commit 181b6a478073f4f88bc41a164fe76516990a4bbd Author: Sam James <sam@gentoo.org> AuthorDate: 2020-12-23 22:59:34 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-12-23 22:59:34 +0000 net-analyzer/wireshark: security cleanup Bug: https://bugs.gentoo.org/760800 Package-Manager: Portage-3.0.12-prefix, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 2 - net-analyzer/wireshark/wireshark-3.4.0.ebuild | 259 -------------------------- net-analyzer/wireshark/wireshark-3.4.1.ebuild | 259 -------------------------- 3 files changed, 520 deletions(-)
This issue was resolved and addressed in GLSA 202101-12 at https://security.gentoo.org/glsa/202101-12 by GLSA coordinator Aaron Bauman (b-man).