Bugzilla – Bug 935157
VUL-1: CVE-2015-4651: wireshark: WCCP dissector crash (wnpa-sec-2015-19)
Last modified: 2016-04-27 20:21:17 UTC
Created attachment 638278
reproducer capture file
Name: WCCP dissector crash
Date: June 17, 2015
Description: The WCCP dissector could crash.
Affected versions: 1.12.0 to 1.12.x
Fixed versions: 1.12.x
(Note: wireshark does not make statements about affectedness of discontinued releases, meaning 1.10.x might be affected)
Impact: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
bugbot adjusting priority
Tested with given pcap file on 1.10.14 (SLE-11-SP3 and SLE-12), didn't show problem. So close it.
Verified crash (segmentation fault) on openSUSE 13.2 with Wireshark 1.12.5, reopening
I'll do an update for at least openSUSE 13.2 unless someone beats me to it. Wanted to fix the Factory qt5 failure first.
From openSUSE 13.2 only.
Fixes released for all affected versions.
openSUSE-SU-2015:1215-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 935157,935158
CVE References: CVE-2015-4651,CVE-2015-4652
openSUSE 13.2 (src): wireshark-1.12.6-18.1