Bug 609646 (CVE-2017-6014) - <net-analyzer/wireshark-2.2.5: Memory exhaustion via crafted STANAG 4607 capture file
Status: RESOLVED FIXED
Alias: CVE-2017-6014
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.wireshark.org/lists/wires...
Whiteboard: B3 [glsa cve]
Reported: 2017-02-17 15:47 UTC by ncl
Modified: 2017-06-06 19:50 UTC

Package list:
=net-analyzer/wireshark-2.2.5
Runtime testing required: ---
stable-bot: sanity-check+


Description ncl 2017-02-17 15:47:58 UTC
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6014
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416
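
The failure mode described above, as an added example that is not Wireshark's code and not part of the original report. It walks a simplified length-prefixed record stream (the 6-byte header layout, the function names and the sample bytes are assumptions, not the STANAG 4607 format) to show why a zero size stalls an unchecked loop and how a minimum-size check forces forward progress.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_LEN 6u /* assumed layout: 2-byte tag, 4-byte big-endian total size */

static uint32_t rec_size(const uint8_t *p)
{
    return ((uint32_t)p[2] << 24) | ((uint32_t)p[3] << 16) |
           ((uint32_t)p[4] << 8) | (uint32_t)p[5];
}

/* Unchecked walk: trusts the size field. A size of 0 leaves off unchanged, so
 * the same header is read forever; cap bounds the loop for the demonstration.
 * Returns the record count, or -1 once cap records have been counted. */
long walk_unchecked(const uint8_t *buf, size_t len, long cap)
{
    size_t off = 0;
    long n = 0;
    while (off < len && len - off >= HDR_LEN) {
        if (n == cap) return -1;
        off += rec_size(buf + off);
        n++;
    }
    return n;
}

/* Checked walk: each record must cover its own header and fit in the bytes
 * left, so off always advances. Returns the record count, or -1 if malformed. */
long walk_checked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    long n = 0;
    while (len - off >= HDR_LEN) {
        uint32_t sz = rec_size(buf + off);
        if (sz < HDR_LEN || sz > len - off) return -1;
        off += sz;
        n++;
    }
    return n;
}

/* Constructed inputs: the second record of sample_bad has size 0. */
const uint8_t sample_ok[]  = {0, 1, 0, 0, 0, 8, 0xAA, 0xBB, 0, 2, 0, 0, 0, 6};
const uint8_t sample_bad[] = {0, 1, 0, 0, 0, 8, 0xAA, 0xBB, 0, 2, 0, 0, 0, 0};
```

On `sample_bad` the unchecked walk only stops because of the demonstration cap, while the checked walk rejects the input at the zero-size record.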
Comment 1 Jeroen Roovers gentoo-dev 2017-03-04 12:12:40 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-2.2.5
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 2 Jeroen Roovers gentoo-dev 2017-03-05 12:35:42 UTC
Stable for HPPA PPC64.
Comment 3 Tobias Klausmann gentoo-dev 2017-03-06 15:51:40 UTC
Stable on alpha.
Comment 4 Markus Meier gentoo-dev 2017-03-08 05:57:15 UTC
arm stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-03-10 09:10:23 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2017-03-10 11:00:50 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-03-10 12:53:44 UTC
sparc stable
Comment 8 Michael Weber (RETIRED) gentoo-dev 2017-03-10 21:20:57 UTC
ppc stable.
Comment 9 Agostino Sarubbo gentoo-dev 2017-03-11 17:18:20 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 10 Jeroen Roovers gentoo-dev 2017-03-16 07:29:26 UTC
(In reply to Michael Weber from comment #8)
> ppc stable.

That didn't actually happen.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev Security 2017-03-24 05:23:04 UTC
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2017-06-06 19:50:25 UTC
This issue was resolved and addressed in
 GLSA 201706-12 at https://security.gentoo.org/glsa/201706-12
by GLSA coordinator Kristian Fiskerstrand (K_F).