Summary: | <net-analyzer/wireshark-{1.8.11,1.10.3} : Multiple Denial of Service Vulnerabilities (CVE-2013-{6336,6337,6338,6339,6340}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | netmon |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://secunia.com/advisories/55492/ | | |
Whiteboard: | B3 [glsa] | | |
Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-11-04 20:56:14 UTC
CVE-2013-6340 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6340): epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CVE-2013-6339 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6339): The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet.

CVE-2013-6338 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6338): The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CVE-2013-6337 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6337): Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CVE-2013-6336 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6336): The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.8.11
=net-analyzer/wireshark-1.10.3
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

amd64 stable

x86 stable

alpha stable

ppc stable

ppc64 stable

sparc stable

ia64 stable. Maintainer(s), please cleanup. Security, please vote.

GLSA vote: no.

Strike that, we have a GLSA request open already. Added to request.

Maintainer(s), Thank you for cleanup!

This issue was resolved and addressed in GLSA 201312-13 at http://security.gentoo.org/glsa/glsa-201312-13.xml by GLSA coordinator Sergey Popov (pinkbyte).