wireshark: Pcapng file parser crash (CVE-2015-7830)
In Wireshark before 1.12.8, the pcapng file parser could crash while
copying
an interface filter. It may be possible to make Wireshark crash by
injecting a
malformed packet onto the wire or by convincing someone to read a
malformed
packet trace file.
Affected versions:
1.12.0 to 1.12.7
References:
https://www.wireshark.org/security/wnpa-sec-2015-30.html
https://www.wireshark.org/news/20151014.html
https://bugzilla.redhat.com/show\_bug.cgi?id=1272016
Upstream patch:
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=13807&action=diff
(from redmine: issue id 4776, created on 2015-10-20, closed on 2015-12-09)
- Relations:
- child #4777 (closed)
- child #4778 (closed)
- Changesets:
- Revision 85d5fa7e on 2015-12-03T14:57:37Z:
main/wireshark: security upgrade to 1.12.8 (CVE-2015-7830). Fixes #4776
- Revision b01fe7a6 on 2015-12-03T14:58:41Z:
main/wireshark: security upgrade to 1.12.8 (CVE-2015-7830). Fixes #4776