Summary: | net-analyzer/wireshark: Remote denial of service via a malformed capture (CVE-2011-{3842,3483,3484}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | daavelino |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | netmon, pva |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3483 | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
daavelino
2011-09-20 12:27:44 UTC
CVE-2011-3484 "The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet." http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3484

and

CVE-2011-3482 "The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet." http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3482

apply to the same packages.

Fixed package is in the tree now (thanks, Peter). Closing noglsa since 1.6.x is ~arch.