Bug 727718 - VUL-0: wireshark: CSN.1 dissector crash
Status: VERIFIED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Priority: P3 - Medium
Severity: Normal
Assigned To: Chunyan Liu
Security Team bot
CVSSv2:NVD:CVE-2011-4100:4.3:(AV:N/A...
Reported: 2011-11-02 09:06 UTC by Ludwig Nussel
Modified: 2020-04-02 02:22 UTC
Found By: Other
Description Ludwig Nussel 2011-11-02 09:06:10 UTC
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

CVE-2011-4100

An uninitialized variable in the CSN.1 dissector could cause a crash.

Affects: 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-17.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
https://bugzilla.redhat.com/show_bug.cgi?id=750643
Comment 2 Chunyan Liu 2011-11-10 08:15:16 UTC
Update to 1.4.10 (this bug won't affect it.)
Comment 3 Matthias Weckbecker 2011-11-23 15:03:05 UTC
Was this bug fixed as well with the last update? I guess it wasn't.
Comment 4 Chunyan Liu 2011-11-24 07:00:23 UTC
(In reply to comment #3)
> Was this bug fixed as well with the last update? I guess it wasn't.

The 1.4.X version doesn't support the CSN.1 dissector. It only exists in the 1.6.X version. Since the wireshark version we are using is 1.4.10, it's not affected by this CVE, so we can simply set it to "INVALID" and close.
Comment 5 Matthias Weckbecker 2011-11-25 09:32:35 UTC
CLOSED/INVALID, see previous comment.