Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 433990 (CVE-2012-3548) - <net-analyzer/wireshark-{1.6.10-r2,1.8.2-r2}: DRDA Dissector Denial of Service Vulnerability (CVE-2012-3548)
Summary: <net-analyzer/wireshark-{1.6.10-r2,1.8.2-r2}: DRDA Dissector Denial of Servic...
Alias: CVE-2012-3548
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on: 435542
Blocks: 431572
  Show dependency tree
Reported: 2012-09-05 05:14 UTC by Agostino Sarubbo
Modified: 2013-08-28 11:43 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-09-05 05:14:22 UTC
A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the Distributed Relational Database Architecture (DRDA) dissector (epan/dissectors/packet-drda.c) and can be exploited to cause an infinite loop and consume CPU resources via a specially crafted packet.

The vulnerability is reported in version 1.8.2. Other versions may also be affected.

Fixed in the source code repository.

Provided and/or discovered by
Reported by Martin Wilck via a bug report.

Original Advisory
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-09-08 15:44:50 UTC
CVE-2012-3548 (
  The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark
  1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to
  cause a denial of service (infinite loop and CPU consumption) via a small
  value for a certain length field in a capture file.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2012-09-18 16:50:30 UTC
Upstream is taking much too long. The patch hasn't been back-ported (whitespace fixes, really) to the 1.6 branch, there is no 1.9 out yet, and no fixed 1.8 release yet.

Arch teams, please test and mark stable:
Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 3 Andreas Schürch gentoo-dev 2012-09-19 12:39:03 UTC
x86 done.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2012-09-19 13:23:23 UTC
Stable for HPPA.
Comment 5 Richard Freeman gentoo-dev 2012-09-19 14:53:51 UTC
amd64 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2012-09-23 17:30:20 UTC
alpha/ia64/sparc stable
Comment 7 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2012-09-28 18:09:30 UTC
ppc64 stable
Comment 8 Anthony Basile gentoo-dev 2012-09-29 10:49:43 UTC
stable ppc
Comment 9 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-29 12:59:25 UTC
Thanks, everyone. 

Since it is just 1 CVE, I added it on to the existing GLSA draft.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2013-08-28 11:43:50 UTC
This issue was resolved and addressed in
 GLSA 201308-05 at
by GLSA coordinator Sergey Popov (pinkbyte).