Bugzilla – Bug 920700
VUL-1: CVE-2015-2192: wireshark: The SCSI OSD dissector could go into an infinite loop
Last modified: 2015-03-13 09:22:08 UTC
From https://www.wireshark.org/security/wnpa-sec-2015-11.html Name: SCSI OSD dissector infinite loop Docid: wnpa-sec-2015-11 Date: March 4, 2015 Affected versions: 1.12.0 to 1.12.3 Fixed versions: 1.12.4 References: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11024 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2192 Description: The SCSI OSD dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. Impact It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
This is an autogenerated message for OBS integration: This bug (920700) was mentioned in https://build.opensuse.org/request/show/289296 13.2+13.1 / wireshark
bugbot adjusting priority
Affects 1.12.x on openSUSE 13.2 only. SLE not affected.
openSUSE-SU-2015:0489-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 920695,920696,920697,920698,920699,920700 CVE References: CVE-2015-2187,CVE-2015-2188,CVE-2015-2189,CVE-2015-2190,CVE-2015-2191,CVE-2015-2192 Sources used: openSUSE 13.2 (src): wireshark-1.12.4-12.1 openSUSE 13.1 (src): wireshark-1.10.13-36.1
Released.