wireshark: Dissector Bugs Let Remote Users Cause the Target Service to Crash (CVE-2015-6241, CVE-2015-6242, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6247, CVE-2015-6248, CVE-2015-6249)
Several vulnerabilities were reported in Wireshark. A remote user can cause the target application to crash or enter an infinite loop.
The application may crash when adding an item to the protocol tree [CVE-2015-6241].
The memory manager may attempt to free invalid memory [CVE-2015-6242].
The application may crash when searching for a protocol dissector [CVE-2015-6243].
The application may crash because of invalid ptvcursor length checking [CVE-2015-6248].
A remote user can cause the target dissector to crash.
The ZigBee dissector is affected [CVE-2015-6244].
The WCCP dissector is affected [CVE-2015-6241].
The WaveAgent dissector is affected [CVE-2015-6246].
A remote user can cause the target dissector to enter an infinite loop.
The GSM RLC/MAC dissector is affected [CVE-2015-6245].
The OpenFlow dissector is affected [CVE-2015-6247].
Alan Tu, Antti Levomaki, and Magnus Stubman reported some of these vulnerabilities.
Impact: A remote user can cause the target application to crash or enter an infinite loop.
Solution: The vendor has issued a fix (1.12.7).
The vendor’s advisories are available at:
https://www.wireshark.org/security/wnpa-sec-2015-21.html
https://www.wireshark.org/security/wnpa-sec-2015-22.html
https://www.wireshark.org/security/wnpa-sec-2015-23.html
https://www.wireshark.org/security/wnpa-sec-2015-24.html
https://www.wireshark.org/security/wnpa-sec-2015-25.html
https://www.wireshark.org/security/wnpa-sec-2015-26.html
https://www.wireshark.org/security/wnpa-sec-2015-27.html
https://www.wireshark.org/security/wnpa-sec-2015-28.html
https://www.wireshark.org/security/wnpa-sec-2015-29.html
Vendor URL: www.wireshark.org/security/wnpa-sec-2015-21.html
Reference:
(from redmine: issue id 4632, created on 2015-09-09, closed on 2015-09-10)
- Relations:
- child #4633 (closed)
- child #4634 (closed)