Bug 1056251 - (CVE-2017-13765) VUL-1: CVE-2017-13765: wireshark: IrCOMM dissector buffer overrun
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/191214/
CVSSv3:NVD:CVE-2017-13765:7.5:(AV:N/...
Reported: 2017-08-29 21:32 UTC by Andreas Stieger
Modified: 2020-05-12 18:09 UTC

Found By: Security Response Team


Description Andreas Stieger 2017-08-29 21:32:54 UTC
https://www.wireshark.org/security/wnpa-sec-2017-41.html

Name: IrCOMM dissector buffer overrun
Docid: wnpa-sec-2017-41
Date: August 29, 2017
Affected versions: 2.4.0, 2.2.0 to 2.2.8, 2.0.0 to 2.0.14
Fixed versions: 2.4.1, 2.2.9, 2.0.15

References: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929

The IrCOMM dissector could read past the end of a buffer.

Impact: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Comment 1 Bernhard Wiedemann 2017-08-29 22:00:45 UTC
This is an autogenerated message for OBS integration:
This bug (1056251) was mentioned in
https://build.opensuse.org/request/show/519571 Factory / wireshark
Comment 2 Bernhard Wiedemann 2017-08-30 00:00:44 UTC
This is an autogenerated message for OBS integration:
This bug (1056251) was mentioned in
https://build.opensuse.org/request/show/519572 42.2+42.3 / wireshark
Comment 3 Marcus Meissner 2017-08-30 13:14:04 UTC
CVE-2017-13765
Comment 4 Bernhard Wiedemann 2017-08-30 14:01:52 UTC
This is an autogenerated message for OBS integration:
This bug (1056251) was mentioned in
https://build.opensuse.org/request/show/519679 Factory / wireshark
https://build.opensuse.org/request/show/519680 42.2+42.3 / wireshark
Comment 5 Bernhard Wiedemann 2017-08-30 16:01:36 UTC
This is an autogenerated message for OBS integration:
This bug (1056251) was mentioned in
https://build.opensuse.org/request/show/519687 Factory / wireshark
Comment 6 Swamp Workflow Management 2017-09-05 01:09:22 UTC
openSUSE-SU-2017:2349-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056248,1056249,1056251
CVE References: CVE-2017-13765,CVE-2017-13766,CVE-2017-13767
Sources used:
openSUSE Leap 42.3 (src):    wireshark-2.2.9-21.1
openSUSE Leap 42.2 (src):    wireshark-2.2.9-14.13.1
Comment 8 Swamp Workflow Management 2017-09-22 16:09:38 UTC
SUSE-SU-2017:2555-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1044417,1045341,1056248,1056249,1056251
CVE References: CVE-2017-13765,CVE-2017-13766,CVE-2017-13767,CVE-2017-9617,CVE-2017-9766
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    wireshark-2.2.9-48.9.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    wireshark-2.2.9-48.9.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    wireshark-2.2.9-48.9.2
SUSE Linux Enterprise Server 12-SP3 (src):    wireshark-2.2.9-48.9.2
SUSE Linux Enterprise Server 12-SP2 (src):    wireshark-2.2.9-48.9.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    wireshark-2.2.9-48.9.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    wireshark-2.2.9-48.9.2
Comment 9 Swamp Workflow Management 2018-01-09 20:21:50 UTC
SUSE-SU-2018:0054-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1044417,1045341,1056248,1056249,1056251,1062645,1070727
CVE References: CVE-2017-13765,CVE-2017-13766,CVE-2017-13767,CVE-2017-15191,CVE-2017-15192,CVE-2017-15193,CVE-2017-17083,CVE-2017-17084,CVE-2017-17085,CVE-2017-9617,CVE-2017-9766
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libsmi-0.4.5-2.7.2.1, portaudio-19-234.18.1, wireshark-2.2.11-40.14.5
SUSE Linux Enterprise Server 11-SP4 (src):    libsmi-0.4.5-2.7.2.1, portaudio-19-234.18.1, wireshark-2.2.11-40.14.5
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libsmi-0.4.5-2.7.2.1, portaudio-19-234.18.1, wireshark-2.2.11-40.14.5
Comment 10 Marcus Meissner 2018-01-18 07:28:05 UTC
released