Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 346191 (CVE-2010-4300) - <net-analyzer/wireshark-1.2.13: Buffer Overflow Vulnerability in LDSS Dissector (CVE-2010-4300)
Summary: <net-analyzer/wireshark-1.2.13: Buffer Overflow Vulnerability in LDSS Dissect...
Alias: CVE-2010-4300
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Reported: 2010-11-20 16:11 UTC by Tim Sammut (RETIRED)
Modified: 2011-10-09 20:01 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2010-11-20 16:11:09 UTC
From $URL:

Wireshark 1.2.13 fixes the following vulnerability:

* Nephi Johnson of BreakingPoint discovered that the LDSS dissector could overflow a buffer. (Bug 5318) Versions affected: 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1. 


It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.


Upgrade to Wireshark 1.2.13 or later.
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2010-11-25 08:40:18 UTC
Thank you for report, Tim. New version is in the tree. Arch teams, please, stabilize wireshark-1.2.13.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2010-11-25 16:39:10 UTC
Stable for HPPA PPC.
Comment 3 Agostino Sarubbo gentoo-dev 2010-11-25 17:03:13 UTC
amd64 ok
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2010-11-26 08:38:32 UTC
amd64 done. Thanks Agostino
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2010-11-26 20:07:43 UTC
x86 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2010-11-27 11:25:33 UTC
alpha/ia64/sparc stable
Comment 7 Brent Baude (RETIRED) gentoo-dev 2010-12-27 14:28:07 UTC
ppc64 done
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2010-12-27 16:48:00 UTC
Thanks, folks. Added to existing GLSA request.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2011-06-14 09:12:38 UTC
CVE-2010-4300 (
  Heap-based buffer overflow in the dissect_ldss_transfer function
  (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0
  through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a
  denial of service (crash) and possibly execute arbitrary code via an LDSS
  packet with a long digest line that triggers memory corruption.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:00:49 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at
by GLSA coordinator Alex Legler (a3li).
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:01:49 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at
by GLSA coordinator Alex Legler (a3li).