Bugzilla – Bug 727718
VUL-0: wireshark: CSN.1 dissector crash
Last modified: 2020-04-02 02:22:48 UTC
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.
An uninitialized variable in the CSN.1 dissector could cause a crash.
Affects: 1.6.0 to 1.6.2, fixed in 1.6.3
Update to 1.4.10 (this bug won't affact.)
Was this bug fixed as well with the last update? I guess it wasn't.
(In reply to comment #3)
> Was this bug fixed as well with the last update? I guess it wasn't.
1.4.X version doesn't support CSN.1 dissector. It only exists in 1.6.X version. Since wireshark version we are using is 1.4.10, it's not affected by this CVE, so we can simply set it to be "INVALID" and close.
CLOSED/INVALID, see previous comment.