Bug 882602 (CVE-2014-4020) - VUL-0: CVE-2014-4020: wireshark: Possible DoS in Wireshark's Frame metadissector
Summary: VUL-0: CVE-2014-4020: wireshark: Possible DoS in Wireshark's Frame metadisse...
Status: RESOLVED FIXED
Alias: CVE-2014-4020
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 13.1
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Chunyan Liu
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/99580/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-06-13 08:51 UTC by Johannes Segitz
Modified: 2014-07-25 03:11 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2014-06-13 08:51:59 UTC 
CVE-2014-4020

It was reported that Wireshark's Frame metadissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

This is reported to affect Wireshark versions 1.10.0 to 1.10.7.  It is fixed in 1.10.8.

Affected are openSUSE 13.1, Factory and SLE 12.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1109034
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9999
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10030
Comment 1 Andreas Stieger 2014-06-13 22:28:11 UTC 
Fixed in network:utilities.
Factory: https://build.opensuse.org/request/show/237315
13.1 MR: https://build.opensuse.org/request/show/237316
Comment 2 Marcus Meissner 2014-06-20 11:24:28 UTC 
reassign to sle12 maintainer
Comment 3 Swamp Workflow Management 2014-06-24 15:04:20 UTC 
openSUSE-SU-2014:0836-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 882602
CVE References: CVE-2014-4020
Sources used:
openSUSE 13.1 (src):    wireshark-1.10.8-16.1
Comment 5 Chunyan Liu 2014-07-25 03:11:12 UTC 
Checked in SLE-12.