Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 915224 (CVE-2023-5371, WNPA-SEC-2023-27) - <net-analyzer/wireshark-4.0.9: Memory leak in RTPS dissector
Summary: <net-analyzer/wireshark-4.0.9: Memory leak in RTPS dissector
Status: RESOLVED FIXED
Alias: CVE-2023-5371, WNPA-SEC-2023-27
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [glsa+]
Keywords:
Depends on: 920211
Blocks:
  Show dependency tree
 
Reported: 2023-10-06 00:04 UTC by Sam James
Modified: 2024-02-04 09:11 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-10-06 00:04:42 UTC
"""
Description

The RTPS dissector could leak memory.
Impact

It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. 
"""
Comment 1 Larry the Git Cow gentoo-dev 2023-10-06 00:32:10 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ecc355065fbd5135ada8fd0052ea3381afe9f1f3

commit ecc355065fbd5135ada8fd0052ea3381afe9f1f3
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-10-06 00:05:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-10-06 00:08:10 +0000

    net-analyzer/wireshark: add 4.0.9 (now with verify-sig)
    
    Backport the verify-sig bits from 4.1.0.
    
    Bug: https://bugs.gentoo.org/915224
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest               |   2 +
 net-analyzer/wireshark/wireshark-4.0.9.ebuild | 341 ++++++++++++++++++++++++++
 2 files changed, 343 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-12-28 04:24:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13512c2eed433e1b7b8c7261198f0a75d6aa0b1e

commit 13512c2eed433e1b7b8c7261198f0a75d6aa0b1e
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-12-28 04:24:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-12-28 04:24:04 +0000

    net-analyzer/wireshark: drop 4.0.8, 4.0.10
    
    Bug: https://bugs.gentoo.org/915224
    Bug: https://bugs.gentoo.org/917421
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                |   3 -
 net-analyzer/wireshark/wireshark-4.0.10.ebuild | 341 -------------------------
 net-analyzer/wireshark/wireshark-4.0.8.ebuild  | 316 -----------------------
 3 files changed, 660 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-02-04 09:10:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=860281bb89beab468566ee29b1c64481900259d1

commit 860281bb89beab468566ee29b1c64481900259d1
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-04 09:10:28 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-04 09:10:53 +0000

    [ GLSA 202402-09 ] Wireshark: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/915224
    Bug: https://bugs.gentoo.org/917421
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-09.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)